
Re: [Condor-users] kerberos and condor

On Mon, 2005-06-13 at 14:57 +0200, Andoni Olozaga wrote:


> I am trying to set up Kerberos authentication on
> Condor using Linux machines.


> my questions are:
> - the macros have to be defined in the
> condor_config.local file, don't they???

Strictly speaking, no.  In my local configuration, I have a single
global configuration file stored on an NFS volume.  This master
configuration file is symlinked from /etc/condor/condor_config on each
participating machine.

I specify the pool security policy (and, in fact, everything else) in
this file.  I can publish a copy of my configuration if you (or anyone
else) are interested.

> - does the Kerberos server have to be installed on the
> Condor server or can I install it on another dedicated
> machine???

The Kerberos infrastructure is completely independent.  You can (and
should!) install the Kerberos Domain Controller (KDC) on its own
dedicated machine -- ideally with one or more slave backup machines.

> - if I can install it on a dedicated machine, where
> would I indicate it???

There is a machine-local configuration file called /etc/krb5.conf.  This
file will specify the hostnames of the KDC servers for your realm.  

For example, my local krb5.conf contains the following:

        kdc = kerberos.doc.ic.ac.uk
        kdc = kerberos1.doc.ic.ac.uk
        kdc = kerberos2.doc.ic.ac.uk
        admin_server = kerberos.doc.ic.ac.uk

It sounds like you're not that familiar with Kerberos administration.
You may wish to read the Kerberos 5 documentation at

David McBride <dwm@xxxxxxxxxxxx>
Department of Computing, Imperial College, London
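
The kdc and admin_server lines quoted in the reply above belong inside a realm stanza in the [realms] section of krb5.conf. The following is an added example, not part of the original message: it embeds a constructed krb5.conf and parses it to list the KDCs a machine is configured to contact. The realm EXAMPLE.ORG, the example.org hostnames and the function names are assumptions.

```python
# Constructed sample krb5.conf. EXAMPLE.ORG and the *.example.org hosts are
# placeholders, not values taken from the original message.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.ORG

[realms]
    EXAMPLE.ORG = {
        kdc = kdc1.example.org
        kdc = kdc2.example.org:88
        admin_server = kdc1.example.org
    }

[domain_realm]
    .example.org = EXAMPLE.ORG
"""


def parse_krb5(text):
    """Return (default_realm, {realm: {key: [values]}}) from krb5.conf text."""
    default_realm, realms = None, {}
    section = realm = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].strip(), None
            continue
        if line.startswith("}"):                 # end of a realm stanza
            realm = None
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            continue
        if section == "libdefaults" and key == "default_realm":
            default_realm = value
        elif section == "realms" and value == "{":
            realm = key                          # start of a realm stanza
            realms.setdefault(realm, {})
        elif section == "realms" and realm:
            # Keys such as kdc may repeat, so collect every value in order.
            realms[realm].setdefault(key, []).append(value)
    return default_realm, realms


def kdcs_for(text, realm=None):
    """List the kdc entries for a realm (the default realm if none is given)."""
    default_realm, realms = parse_krb5(text)
    return realms.get(realm or default_realm, {}).get("kdc", [])
```

Running `kdcs_for` over the contents of /etc/krb5.conf on each pool machine shows whether they all point at the same dedicated KDC hosts.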
