[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] User impersonation



On Wed, Jun 23, 2004 at 12:19:37PM +0200, Ralf Reinhardt wrote:
> Hi,
> Here is another problem from my small bioinformatics project.
> I have several users which want to share the cluster, but my frontend 
> only runs on a single account. It is very cumbersome to create and use 
> different accounts under XP.
> It would be much easier if there was a way to either let several jobs 
> run side by side for the same user or if condor_submit could be used 
> with user and password for lower security levels.
> Are there any solutions I have not found?

if your frontend is the only access your users have to the cluster, you can
enforce the concept of different "users" at that level.  however, if your end
users have the ability to actually run condor_submit, condor_q, and condor_rm,
etc. and talk directly to the condor_schedd, this will not work.

for example, say you have a web frontend running on some machine with a schedd.
that frontend can insert extra attributes into the job by putting something
like this in the submit file:
+webuser = zmiller

then the frontend can use the -constraint option to the condor tools to do
things on behalf of the webuser.  the web frontend is also responsible for
authenticating that user somehow, probably a password.

i'm not sure if this is what your were asking for... if not, sorry!


cheers,
-zach