[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] User impersonation



Zachary Miller wrote:
On Wed, Jun 23, 2004 at 12:19:37PM +0200, Ralf Reinhardt wrote:

Hi,
Here is another problem from my small bioinformatics project.
I have several users which want to share the cluster, but my frontend only runs on a single account. It is very cumbersome to create and use different accounts under XP.
It would be much easier if there was a way to either let several jobs run side by side for the same user or if condor_submit could be used with user and password for lower security levels.
Are there any solutions I have not found?


if your frontend is the only access your users have to the cluster, you can
enforce the concept of different "users" at that level.  however, if your end
users have the ability to actually run condor_submit, condor_q, and condor_rm,
etc. and talk directly to the condor_schedd, this will not work.

for example, say you have a web frontend running on some machine with a schedd.
that frontend can insert extra attributes into the job by putting something
like this in the submit file:
+webuser = zmiller

then the frontend can use the -constraint option to the condor tools to do
things on behalf of the webuser.  the web frontend is also responsible for
authenticating that user somehow, probably a password.


Nice idea, this way one can assign jobs or cluster to different users. But that's not my problem (all submits are already stored in an additional database). As long as only one user is submitting the clusters, they will run one after the other and not side by side. Only the order of execution can be changed. It would mean that some users would have to wait quite some time until they get their first results (and find out that they used the wrong method...). The problem is that the users are sitting before their PCs and WAIT for the results. (I wish i could redesign my users - it would make programming much more fun ;-))


Cheers Ralf