
Re: [Condor-users] kerberos and condor



Andoni,
It'll be good if you could send the following files to help me debug your issue.


1. condor config files (global and local).
2. Pls set TOOL_DEBUG, SCHEDD_DEBUG and COLLECTOR_DEBUG to have the D_SECURITY flag (http://www.cs.wisc.edu/condor/manual/v6.7/3_3Configuration.html#SECTION00433000000000000000 has information on how to do this)
3. Pls set SEC_DEFAULT_AUTHENTICATION=REQUIRED, SEC_CLIENT_AUTHENTICATION=REQUIRED, SEC_DEFAULT_AUTHENTICATION_METHODS=KERBEROS, SEC_CLIENT_AUTHENTICATION_METHODS=KERBEROS and *restart the daemons* to make sure these values take effect.
4. Run condor_q or condor_status and send me the output. You may find something like this -


raj@Vijay /cygdrive/c/condor/lib
$ condor_status -l
AUTHENTICATE:1003:Failed to authenticate with any method

5. Also, please send me your kerberos map file and the SchedLog and CollectorLog files.

--
Rajesh Rajamani
Senior Member of Technical Staff
Direct : +1.408.321.9000
Fax    : +1.408.904.5992
Mobile : +1.408.321.9030
raj@xxxxxxxxxx


Optena Corporation 2860 Zanker Road, Suite 201 San Jose, CA 95134 www.optena.com


This electronic transmission (and any attached documents) contains information from Optena Corporation and is for the sole use of the individual or entity it is addressed to. If you receive this message in error, please notify me and destroy the attached message (and all attached documents) immediately.


Andoni Olozaga wrote:
Thank you very much for the information.
It has been very useful for me.

It was only a bad configuration in the Kerberos client.

Now I can authenticate when using the command "condor_status", but when I try to submit a job it says that it can't authenticate.

I don't know why it can be, but I have put Ethereal and I have a pre-authenticate error.

Isn't preauthentication supported???

I send my krb5.cnf and kdc.conf files because I suppose that it might be another configuration error.

Sorry, but this is my first time with Kerberos!!!

Thank you very much




--- Rajesh Rajamani <raj@xxxxxxxxxx> wrote:


Andoni Olozaga wrote:

I am trying to set up Kerberos authentication on Condor using Linux machines.
I don't understand the instruction of the manual very well, maybe due to my good English :-)
My questions are:
- The macros have to be defined in the condor_config.local file, haven't they???

Yes - you could define them in your condor_config.local file.


- Does the Kerberos server have to be installed on the Condor server, or can I install it on another dedicated machine???

You need not install Kerberos authentication server on a condor server - you could install it on a different machine.



- If I can install it on a dedicated machine, where would I indicate it???

Using the KERBEROS_MAP_FILE and related macros in the config file. Do check

http://www.cs.wisc.edu/condor/manual/v6.7/3_7Security_In.html#SECTION00473200000000000000

Briefly, here are the steps that we used for configuring kerberos based authentication -

0. Make sure the clocks of all your machines are in sync (we use NTP)

1. Install KDC, establish realm and the user principal that you want your condor daemons to use (http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.5/doc/krb5-install.html#Installing%20Kerberos%20V5 and http://www.informit.com/guides/content.asp?g=security&seqNum=31&rl=1 describe how to do this). You may also want to create user accounts and make sure you can obtain tickets for these from any condor host.

2. Define the kerberos map file and other authentication settings in your config file and start up your daemons.


Let me know if this works for you.
_______________________________________________
Condor-users mailing list
Condor-users@xxxxxxxxxxx


https://lists.cs.wisc.edu/mailman/listinfo/condor-users


Student of the School of Industrial Engineering of Bilbao
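
A pre-flight check for the settings requested in the reply at the top of this thread, written as an added example (not code from the thread or from Condor). It assumes plain `NAME = value` config text with backslash line continuation and case-insensitive names, does not expand `$(MACRO)` references, and runs on constructed sample files.

```python
import re

# Settings and values requested in the reply at the top of the thread.
REQUIRED = {
    "SEC_DEFAULT_AUTHENTICATION": "REQUIRED",
    "SEC_CLIENT_AUTHENTICATION": "REQUIRED",
    "SEC_DEFAULT_AUTHENTICATION_METHODS": "KERBEROS",
    "SEC_CLIENT_AUTHENTICATION_METHODS": "KERBEROS",
}
DEBUG_KNOBS = ("TOOL_DEBUG", "SCHEDD_DEBUG", "COLLECTOR_DEBUG")

def parse_config(*texts):
    """Parse config texts in order (global, then local); later entries override earlier ones."""
    settings = {}
    for text in texts:
        # Join backslash-continued lines, then read one NAME = value entry per line.
        for line in re.sub(r"\\\n", " ", text).splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, sep, value = line.partition("=")
            if sep:
                settings[name.strip().upper()] = value.strip()
    return settings

def check(settings):
    """List every setting that differs from what the debugging request asks for."""
    problems = []
    for name, want in REQUIRED.items():
        got = settings.get(name)
        if got is None:
            problems.append(f"{name} is not set (want {want})")
        elif got.upper() != want:
            problems.append(f"{name} = {got} (want {want})")
    for name in DEBUG_KNOBS:
        flags = re.split(r"[\s,]+", settings.get(name, "").upper())
        if "D_SECURITY" not in flags:
            problems.append(f"{name} lacks D_SECURITY")
    return problems

# Constructed sample files, not the configuration discussed in the thread.
GLOBAL = "SEC_DEFAULT_AUTHENTICATION = OPTIONAL\nSCHEDD_DEBUG = D_FULLDEBUG \\\n  D_SECURITY\n"
LOCAL = ("SEC_DEFAULT_AUTHENTICATION = REQUIRED\nSEC_CLIENT_AUTHENTICATION = REQUIRED\n"
         "SEC_DEFAULT_AUTHENTICATION_METHODS = KERBEROS\n"
         "SEC_CLIENT_AUTHENTICATION_METHODS = FS, KERBEROS\n# local\nTOOL_DEBUG = D_SECURITY\n")

if __name__ == "__main__":
    for problem in check(parse_config(GLOBAL, LOCAL)):
        print(problem)
```

An empty result only confirms the files match the request; the daemons still have to be restarted before the values take effect.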





