[Condor-users] Kerberos

["Miskell, Craig" <Craig.Miskell@xxxxxxxxxxxxxxxx>]

Hi,
	A quick couple of questions about kerberos support in condor: 

If I setup SEC_DEFAULT_AUTHENTICATION_METHODS=KERBEROS on the execute
nodes, submit nodes, and the central manager, then I need to create a
principle in my KDC for
$(CONDOR_SERVER_PRINCIPAL)/host.name@xxxxxxxxxxxxx for each host that
will participate.  I presume I then have to somehow setup the kerberos
keytab file on each host so that the daemons have the required
credentials.  If so, where would that be done?  If not, I think I've
missed something fundamental about Kerberos - would someone be kind
enough to explain it to me please?

When a user logs in to a submit node, and assuming they acquire a ticket
somehow (in our case, as a side-effect of logging in), then is that
sufficient to identify them when they submit a job? 

Thanks,

Craig Miskell,
Technical Support,
AgResearch Invermay
03 489-9279
The speed at which a mistyped command executes is directly 
proportional to the  amount of damage done.  	-- Joe Zeff 
=======================================================================
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.
=======================================================================