[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Condor WS BirdBath security questions


BirdBath supports SSL mutual-authentication as of Condor 6.8. There is a tutorial online from Condor Week 2006 that explains how to use authentication.

http://www.cs.wisc.edu/condor/CondorWeek2006/presentations/ farrellee_tannenba_APIs.ppt

I don't know the specifics of the GridSAM plugin. I believe it converts job descriptions into ClassAds for submission to Condor and was written before the SSL authentication support was added to BirdBath. Though, if you follow the tutorial you may not need to change anything about the GridSAM plugin to use authentication.



On Aug 21, 2006, at 10:20 AM, Nathan Harmston wrote:


In order to use the Condor WS (BirdBath), it must be configured that
Condor allows anonymous users to submit jobs. This of course to my
departments SysAdmin seems very insecure. The problem occurs during the
creation of a cluster for submission of a job and then when u submit a
job, you only need a username (which doesnt map to an allowed user of
the pool?), letsthrashtheharddrive.sh springs to mind.

Is there anyway to work around this and force Condor to authenicate
users through the webservices interface ?
Are there any plans to implement better security functionality in
BirdBath anytime soon?
I ve seen a paper integrating GridSAM and Condor and was wondering if
anyone knew about the security model used in this? Is GridSAM submitting
via the Condor DRM anonymously or can this be setup differently?



PS The paper btw is Condor BirdBath - Web Service Interfaces to Condor -
AHM 2005