[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] condor security again

On 2/16/06, Dr Ian C. Smith <i.c.smith@xxxxxxxxxxxxxxx> wrote:
> This follows up the earlier authorization thread
> which seems to have gone a bit cold. I've been
> having a look at the Condor configuration model
> again and there seems to be no way
> of enforcing a policy that execute hosts cannot be
> used (potentially) as submit hosts without having
> strong user authentication. If a rogue user
> could install a client on an execute host it could then
> be used to submit jobs (nasty!). My thinking is this:

At the very least you could spot this shortly after it happened since
the schedd would have to register itself with the collector to add any
jobs to the pool.

If you have a black list / while list of machines allowed/disallowed
from being schedd's you can spot em pretty quick with an automated

Not perfect I know but at least you can spot it happening