[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] writable access to a shared file system

On Wed, May 03, 2006 at 05:34:14PM -0400, Olga Kornievskaia wrote:
> Are there any plans to have a writable access to a shared file system 
> (AFS or NFS)?
> Administrator's manual, section says:  "Condor does not 
> currently have a way to authenticate itself to AFS. A solution is not 
> ready for Version 6.7.18. This implies that you are probably not going 
> to want to have the LOCAL_DIR  for Condor on AFS."
> The phrase "a solution is not ready" might imply that some solution is 
> in works? Can somebody elaborate on this topic? Thanks.

At some point, Condor may provide a secure channel to transmit AFS tokens
from the submit machine to the execute machine. We're not sure if we will,
because most sites that have AFS also have another way to get an AFS token.
For example, many sites run gssklog along with AFS, which lets you present 
an X509 certificate to get an AFS token. In that case, we could 
delegate an X509 proxy to the job at the execute side, which could then
turn around and get an AFS token. 

We're more keen on going the gssklog path, because we already have support
for delegating X509 certificates (and it's useful for situations other than
AFS as well.)

Better AFS support is not a feature planned for 6.8. The 6.7.18 mention 
is misleading, we've got nothing close to working yet. The reason it
says 6.7.18 is because it's a macro in the LaTeX source - when 6.7.19
comes out, the manual will automatically read "A solution is not ready 
for 6.7.19"

Sorry to disappoint,