[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] User impersonation
- Date: Thu, 24 Jun 2004 09:28:54 +0200
- From: Ralf Reinhardt <ralf.reinhardt@xxxxxxxxxxx>
- Subject: Re: [Condor-users] User impersonation
Zachary Miller wrote:
On Wed, Jun 23, 2004 at 12:19:37PM +0200, Ralf Reinhardt wrote:
Here is another problem from my small bioinformatics project.
I have several users which want to share the cluster, but my frontend
only runs on a single account. It is very cumbersome to create and use
different accounts under XP.
It would be much easier if there was a way to either let several jobs
run side by side for the same user or if condor_submit could be used
with user and password for lower security levels.
Are there any solutions I have not found?
if your frontend is the only access your users have to the cluster, you can
enforce the concept of different "users" at that level. however, if your end
users have the ability to actually run condor_submit, condor_q, and condor_rm,
etc. and talk directly to the condor_schedd, this will not work.
for example, say you have a web frontend running on some machine with a schedd.
that frontend can insert extra attributes into the job by putting something
like this in the submit file:
+webuser = zmiller
then the frontend can use the -constraint option to the condor tools to do
things on behalf of the webuser. the web frontend is also responsible for
authenticating that user somehow, probably a password.
Nice idea, this way one can assign jobs or cluster to different users.
But that's not my problem (all submits are already stored in an
additional database). As long as only one user is submitting the
clusters, they will run one after the other and not side by side. Only
the order of execution can be changed. It would mean that some users
would have to wait quite some time until they get their first results
(and find out that they used the wrong method...). The problem is that
the users are sitting before their PCs and WAIT for the results. (I wish
i could redesign my users - it would make programming much more fun ;-))