Re: [Condor-users] condor security again

[Matt Hope <matthew.hope@xxxxxxxxx>]

On 2/16/06, Dr Ian C. Smith <i.c.smith@xxxxxxxxxxxxxxx> wrote:
> This follows up the earlier authorization thread
> which seems to have gone a bit cold. I've been
> having a look at the Condor configuration model
> again and there seems to be no way
> of enforcing a policy that execute hosts cannot be
> used (potentially) as submit hosts without having
> strong user authentication. If a rogue user
> could install a client on an execute host it could then
> be used to submit jobs (nasty!). My thinking is this:

At the very least you could spot this shortly after it happened since
the schedd would have to register itself with the collector to add any
jobs to the pool.

If you have a black list / while list of machines allowed/disallowed
from being schedd's you can spot em pretty quick with an automated
job...

Not perfect I know but at least you can spot it happening

Matt