
RE: [Condor-users] Condor Security



> Could someone please advise us regarding how best to secure our pool. If
> possible we would like to be able to grant user/machine access as per
> requests, and restrict access otherwise. How best can we implement such
> a schema, please? Any advice would be welcomed.
> 
> Thank you -- David Baker.

Is it possible to use the host-based access policy in the central node's 
config file to do this?

By the sounds of things it is not easy to say 
*.dl.ac.uk, *.rl.ac.uk
and you would need something more complicated for your setup.
These would be added to the HOSTALLOW settings. I think changing HOSTALLOW_WRITE
means machines can't be added to the pool as either submitter or execute. 

I think it may be possible to permit access using IP addresses:
999.888.777.*
for example.

These would be added again to the config on the central node, although subsequent
changes would have to be amended by condor_config and I don't know if this can
ADD to an entry or only replace it.

Maybe the Condor guys can confirm.

At the end of the day, this alternative, and that given by Matt, will not scale
well if arbitrary machines across your CampusGrid are to be allowed and others not.

Good Luck

John Kewley
j.kewley@xxxxxxxx