[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] condor security again

--On 16 February 2006 13:29 +0000 Matt Hope <matthew.hope@xxxxxxxxx> wrote:

On 2/16/06, Dr Ian C. Smith <i.c.smith@xxxxxxxxxxxxxxx> wrote:
This follows up the earlier authorization thread
which seems to have gone a bit cold. I've been
having a look at the Condor configuration model
again and there seems to be no way
of enforcing a policy that execute hosts cannot be
used (potentially) as submit hosts without having
strong user authentication. If a rogue user
could install a client on an execute host it could then
be used to submit jobs (nasty!). My thinking is this:

At the very least you could spot this shortly after it happened since
the schedd would have to register itself with the collector to add any
jobs to the pool.

If you have a black list / while list of machines allowed/disallowed
from being schedd's you can spot em pretty quick with an automated

Not perfect I know but at least you can spot it happening

Hmm, our Condor jobs can only run at the very times no one
is likely to be around to keep an eye on things. Is there
any way of working an extra requirement into the START expression
on the execute hosts. Something like:

User == "*@my.submit.host"

I don't suppose wildcards work though so it would be necessary
to add each new user to the config files as time went on, viz:

( User == "fred@xxxxxxxxxxxxxx" ) || ( User == "jim@xxxxxxxxxxxxxx" )

which would be a bit of a pain.



Condor-users mailing list