Re: [Condor-users] Birdbath security setup

[Matthew Farrellee <matt@xxxxxxxxxxx>]

David,

The NULL/<IP> sounds like a bug you should report to the Condor Team.

(more below)

David Braun wrote:
> To all,
>     I know that this has been bounced around on this list but its still 
> not clear on how to set up birdbath.
>
> schedd_debug=d_fulldebug
> all_debug=d_fulldebug
> # BASE SETUP
> WEB_ROOT_DIR              = $(RELEASE_DIR)/web
> ENABLE_SOAP               = TRUE
> ENABLE_WEB_SERVER         = TRUE
> ENABLE_SOAP_SSL           = FALSE
> SCHEDD_ENABLE_SOAP_SSL    = FALSE
> COLLECTOR_ENABLE_SOAP_SSL = FALSE
> SCHEDD_ARGS               = -p 12000
> QUEUE_ALL_USERS_TRUSTED   = TRUE
>
> # this setup works but way to open
> HOSTALLOW_READ = *
> HOSTALLOW_WRITE = *
> ALLOW_READ = */*
> ALLOW_WRITE = */*
> ALLOW_SOAP = *
>
> # I'm trying to do this
> HOSTALLOW_READ = *.purdue.edu
> HOSTALLOW_WRITE = *.purdue.edu
> ALLOW_READ = */*.purdue.edu
> ALLOW_WRITE = */*.purdue.edu
> ALLOW_SOAP = *.purdue.edu
> # But this give a permission problem for user NULL/<IP>
>
> Questions:
>     1) I'm assuming that this setup will turn off SSL etc and allow 
> anonymous submission.

It should, since you specify ENABLE_SOAP_SSL = FALSE. You have to make 
sure you aren't using a https:// URL to access the services.


>     2) I'm using birdbath from the wsdl directly, not the additional 
> wrapper classes.  I'm assuming that setting username and password on the 
> http is enough. Is the wrappers classes doing more than this? Below is 

The WS interface to Condor does not support HTTP-AUTHENTICATION, aka a 
username+password in the HTTP Headers. So, this won't work. You can 
currently only use SSL and X.509 certificates.


Best,


matt

> the co
>      condor_6_9_3.schedd.CondorSchedd service = new 
> condor_6_9_3.schedd.CondorSchedd();
>      condor_6_9_3.schedd.CondorScheddPortType port = 
> service.getCondorSchedd();
>  ((BindingProvider)port).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,endpointURL);
>       
> ((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,"dbraun");
>            
>             // TODO initialize WS operation arguments here
>             condor_6_9_3.schedd.Transaction transaction = null;
>            
>             condor_6_9_3.schedd.TransactionAndStatus transaction_result 
> =   port.beginTransaction(CondorService.DEFAULT_DURATION);
>             System.out.println("transaction_result 
> "+transaction_result.getStatus().getMessage().getValue());
>
>
>
>
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
>
> The archives can be found at: 
> https://lists.cs.wisc.edu/archive/condor-users/