Re: [Condor-users] condor security again

["Dr Ian C. Smith" <i.c.smith@xxxxxxxxxxxxxxx>]

--On 16 February 2006 13:29 +0000 Matt Hope <matthew.hope@xxxxxxxxx> wrote:

> On 2/16/06, Dr Ian C. Smith <i.c.smith@xxxxxxxxxxxxxxx> wrote:
> > This follows up the earlier authorization thread
> > which seems to have gone a bit cold. I've been
> > having a look at the Condor configuration model
> > again and there seems to be no way
> > of enforcing a policy that execute hosts cannot be
> > used (potentially) as submit hosts without having
> > strong user authentication. If a rogue user
> > could install a client on an execute host it could then
> > be used to submit jobs (nasty!). My thinking is this:
>
> At the very least you could spot this shortly after it happened since
> the schedd would have to register itself with the collector to add any
> jobs to the pool.
>
> If you have a black list / while list of machines allowed/disallowed
> from being schedd's you can spot em pretty quick with an automated
> job...
>
> Not perfect I know but at least you can spot it happening

Hmm, our Condor jobs can only run at the very times no one
is likely to be around to keep an eye on things. Is there
any way of working an extra requirement into the START expression
on the execute hosts. Something like:

User == "*@my.submit.host"

I don't suppose wildcards work though so it would be necessary
to add each new user to the config files as time went on, viz:

( User == "fred@xxxxxxxxxxxxxx" ) || ( User == "jim@xxxxxxxxxxxxxx" )

which would be a bit of a pain.

-ian.


> Matt
>
> _______________________________________________
> Condor-users mailing list
> Condor-users@xxxxxxxxxxx
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users