
Re: [Condor-users] kerberos and condor



Andoni Olozaga wrote:
I am trying to set up Kerberos authentication on
Condor using Linux machines.
I don't understand the instructions in the manual very
well, maybe due to my good English :-)
My questions are:
- The macros have to be defined in the
condor_config.local file, don't they?

Yes - you could define them in your condor_config.local file.

- Does the Kerberos server have to be installed on the
Condor server, or can I install it on another dedicated
machine?

You need not install the Kerberos authentication server on a Condor server - you could install it on a different machine.


- If I can install it on a dedicated machine, where
would I indicate it?

Using the KERBEROS_MAP_FILE and related macros in the config file. Do check http://www.cs.wisc.edu/condor/manual/v6.7/3_7Security_In.html#SECTION00473200000000000000


Briefly, here are the steps that we used for configuring Kerberos-based authentication -

0. Make sure the clocks of all your machines are in sync (we use NTP).

1. Install the KDC, establish the realm and the user principal that you want your Condor daemons to use (http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.5/doc/krb5-install.html#Installing%20Kerberos%20V5
and http://www.informit.com/guides/content.asp?g=security&seqNum=31&rl=1 describe how to do this). You may also want to create user accounts and make sure you can obtain tickets for these from any Condor host.


2. Define the Kerberos map file and other authentication settings in your config file and start up your daemons.

Let me know if this works for you.
--
Rajesh Rajamani
Senior Member of Technical Staff
Direct : +1.408.321.9000
Fax    : +1.408.904.5992
Mobile : +1.408.321.9030
raj@xxxxxxxxxx


Optena Corporation 2860 Zanker Road, Suite 201 San Jose, CA 95134 www.optena.com


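An added example, not part of the original message and not taken from the Condor manual, sketching what step 2 of the reply can look like in `condor_config.local`. The file path, the realm `EXAMPLE.ORG` and the UID domain `example.org` are placeholders, and the `REALM = uid.domain` map-file line format is an assumption to check against the manual section linked in the reply.

```conf
# condor_config.local on every machine in the pool (constructed example)

# Require authentication on every connection to a Condor daemon and
# accept Kerberos as the only method, so a host without a valid ticket
# or keytab cannot fall back to a weaker method.
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = KERBEROS

# Map file that translates Kerberos realms into Condor UID domains.
# The path is a placeholder; keep the file writable by root only.
KERBEROS_MAP_FILE = /etc/condor/condor.kmap

# UID domain that the realm is mapped to (placeholder value).
UID_DOMAIN = example.org

# Assumed contents of /etc/condor/condor.kmap, one realm per line:
#   EXAMPLE.ORG = example.org
#
# Once a map file is defined, list every realm whose principals should
# be accepted; leave out realms you do not want to trust.

# Not shown: the macro naming the daemons' service principal and keytab.
# Take its name from the manual for your Condor version.

# Each Condor host also needs a working Kerberos client configuration
# (krb5.conf) for the realm, and clocks within the KDC's allowed skew
# (step 0 of the reply), or ticket requests will fail.
```

After editing, `condor_config_val SEC_DEFAULT_AUTHENTICATION_METHODS` on each host shows the value the daemons will read, and `klist` after `kinit` confirms the host can obtain tickets as described in step 1.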