[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Authentication methods in Condor

I'm not an expert in Condor's authentication features, but the best guy to answer the questions is on vacation, so I took a stab at it.

- File System authentication (Linux, but what about Windows?)

This seems to only be available for non-Windows platforms. It's not Linux-specific.

- Remote File System authentication (Linux, but what about Windows?  Does
                                     this still exist?; doesn't seem to be
                                     mentioned in the manual any more)

I'm not sure what you are referring to.

- Claim To Be authentication (i.e. no authentication; all platforms?)

Yes, all platforms.

- Anonymous authentication (i.e. skip authentication checks; all platforms?)

Yes, all platforms.

- Please, please could the Condor documentation clearly state for which
  platforms each authentication method is supported?  At the moment the
  only authentication method which it indicates is platform specific is
  "Windows Authentication" (NTSSPI) - Section

Yes, we know we need to improve the security documentation. My apologies for its state--I've been meaning to work on it myself.

- When can we expect Kerberos authentication to be supported by Condor for
  Windows platforms?

I'm not sure of the timeline, but I know that someone was recently working on it. I'll see if I can get a time estimate from him later today.

It would probably show up in Condor 6.7.x, not Condor 6.6, since it will be a new feature.

- When using Kerberos authentication (under Linux) can the Condor daemons
  authenticate off a Windows 2000 or Windows 2003 Server domain controller
  (which are 'really' Kerberos domain controllers in disguise)?

Good question--I'll look into it.