
Re: [Condor-users] Mounting network resources in Windows



We are using Condor 6.8.2, but I couldn't find anything for mounting
network disks in the on-line manual that was actually secure except
maybe the stuff about using the "contrib module from Bristol."

Marshall,

Please take a look at sections 6.8.3 and 6.8.4 in the online manual:

http://www.cs.wisc.edu/condor/manual/v6.8/6_2Microsoft_Windows.html#SECTION00723000000000000000

This describes a feature added late in the 6.7 series that allows user passwords to be securely delivered to execute machines so that files can be accessed over the network.

Regards,

Greg Quinn
Condor Team



The instructions were over 170 lines long and seemed anything but easy.  I
am referring to Section 6.2.7 of the manual.
I believe we are using the credential-passing system, but it doesn't
seem to help with network resources.  I used the condor_store_cred tool
if that's what you are talking about.  Maybe we are not using it
correctly, but if it's designed to work with network mounts, I would
appreciate it if the developers would mention how to do it in Section
6.2.7.  Why would they waste time telling people to use clear-text
passwords if there were an easy way to do it securely?  If there is a
way, I'd like to know about it.

I do not have administrative rights on my co-workers' PCs and found that
the net command did not work until I included it in the job.

Thanks again!


Marshall

Marshall L. Buhl Jr.
NREL/NWTC
Voice: +1 (303) 384-6914
Fax: +1 (303) 384-6901

-----Original Message-----
From: condor-users-bounces@xxxxxxxxxxx
[mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Matt Hope
Sent: Saturday, January 20, 2007 3:59 AM
To: Condor-Users Mail List
Subject: Re: [Condor-users] Mounting network resources in Windows

On 1/19/07, Buhl, Marshall <Marshall_Buhl@xxxxxxxx> wrote:
Hi,

I thought I would share a fairly simple, and reasonably secure, technique

Whilst not wanting to denigrate your efforts nor discourage sharing
them with the community I should point out that this security through
obscurity is not significantly more secure than passing them as
plain text and users should not kid themselves that this is the case.

To eavesdroppers this is roughly equivalent to putting a bit of
(consistent) junk in between the user/password components which you
could do in the batch file if you wanted. In fact based on how many
compiled programs operate the string literals could all be relocated
into contiguous locations thus rendering even that step pointless.

If you believe the network your farm operates on is not secure from
snooping and this is a worry then you should move to 6.8 with genuine
encryption on the credential passing which allows running as the
submitting user or comparable equivalent.

As a side note there is no need to transfer the net executable so long
as the executing condor user has rights to run the net command in the
system directory. Win2003 does not allow this by default for low
privilege users. Explicitly adding permission to the users that condor
executes as without runas behaviour is a sensible solution. If you use
runas then it is assumed that the users have the relevant permissions
if you want them to. Obviously if you are executing on machines which
are cycle stealing where you do not have admin control in the same way
then passing the executable is a solution.

Matt
_______________________________________________
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/condor-users

The archives can be found at either
https://lists.cs.wisc.edu/archive/condor-users/
http://www.opencondor.org/spaces/viewmailarchive.action?key=CONDOR
