Re: [Condor-users] Authentication methods in Condor

[Alain Roy <roy@xxxxxxxxxxx>]

I'm not an expert in Condor's authentication features, but the best guy to 
answer the questions is on vacation, so I took a stab at it.

> - File System authentication (Linux, but what about Windows?)

This seems to only be available for non-Windows platforms. It's not 
Linux-specific.

> - Remote File System authentication (Linux, but what about Windows?  Does
>                                      this still exist?; doesn't seem to be
>                                      mentioned in the manual any more)

I'm not sure what you are referring to.

> - Claim To Be authentication (i.e. no authentication; all platforms?)

Yes, all platforms.

> - Anonymous authentication (i.e. skip authentication checks; all platforms?)

Yes, all platforms.

> - Please, please could the Condor documentation clearly state for which
>   platforms each authentication method is supported?  At the moment the
>   only authentication method which it indicates is platform specific is
>   "Windows Authentication" (NTSSPI) - Section 3.7.4.4.

Yes, we know we need to improve the security documentation. My apologies 
for its state--I've been meaning to work on it myself.

> - When can we expect Kerberos authentication to be supported by Condor for
>   Windows platforms?

I'm not sure of the timeline, but I know that someone was recently working 
on it. I'll see if I can get a time estimate from him later today.

It would probably show up in Condor 6.7.x, not Condor 6.6, since it will be 
a new feature.

> - When using Kerberos authentication (under Linux) can the Condor daemons
>   authenticate off a Windows 2000 or Windows 2003 Server domain controller
>   (which are 'really' Kerberos domain controllers in disguise)?

Good question--I'll look into it.

-alain