[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] Authentication methods in Condor



I would like to know whether there are any cross-platform
(strong) authentication methods provided by Condor - from talking to
some of the Condor Team at this year's Condor Week I believe this is the
case (or was then), but I wonder whether this is still the case and
whether we can expect it to change in the (near) future.

As I understand it the available authentication methods are:

- GSI authentication (Linux only)
- Kerberos authentication (Linux only)
- Windows NTSSPI authentication (Windows only)
- File System authentication (Linux, but what about Windows?)
- Remote File System authentication (Linux, but what about Windows?  Does 
                                     this still exist?; doesn't seem to be
                                     mentioned in the manual any more)
- Claim To Be authentication (i.e. no authentication; all platforms?)
- Anonymous authentication (i.e. skip authentication checks; all platforms?)

I understood (perhaps incorrectly) that it would not be too hard to
enable Kerberos authentication under Windows for Condor, whilst GSI
authentication under Windows requires the Globus Alliance to produce a
stable Windows implementation of GSI (currently a low priority for them?). 

So what I would like to know is:

- Would someone from the Condor Team 'clarify' the question marks in my
  list above?

- Please, please could the Condor documentation clearly state for which
  platforms each authentication method is supported?  At the moment the
  only authentication method which it indicates is platform specific is
  "Windows Authentication" (NTSSPI) - Section 3.7.4.4.

- When can we expect Kerberos authentication to be supported by Condor for
  Windows platforms?

- When using Kerberos authentication (under Linux) can the Condor daemons 
  authenticate off a Windows 2000 or Windows 2003 Server domain controller
  (which are 'really' Kerberos domain controllers in disguise)?

Thanks,

  Bruce

--
Bruce Beckles,
e-Science Specialist,
University of Cambridge Computing Service.