[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] clarification on Windows credentials for condor use?
- Date: Wed, 11 Jul 2007 14:08:38 -0500
- From: Matthijs van der Meer <M.vanderMeer@xxxxxxxx>
- Subject: [Condor-users] clarification on Windows credentials for condor use?
I have a condor setup consisting of two Windows XP machines, one
master/submit/execute ("A"), and one execute-only machine ("B"). I have
not set up any authentication in either condor configuration apart from
allowing read and write access to machines A and B only, based on their
IP addresses. Jobs submitted on machine A successfully execute on
machine B. However, I am worried about Windows passwords being sent
unencrypted over the network.
Can someone confirm that no Windows passwords get sent? I could not find
any explicit mention of this in the documentation.
In that case, by what mechanism can user X submit a job on machine A,
which then gets executed on machine B, without any passwords being sent*?
(*My understanding of how it might work, based on reading mailing list
archives, is something like the following: the job on B actually gets
run as some sort of special user which has few privileges. However, when
files need to be written ( e.g. the job executable, or input file) on B,
user credentials are needed. These are not actually transferred over the
network, but are stored on B (and need to be added there using
condor_store_cred). Those credentials must match an existing account
(with the correct privileges) on B in order to work, and they must match
the submitting user's credentials on A (not sure about this part).)