[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] clarification on Windows credentials for condor use?

Dear condor-users,

I have a condor setup consisting of two Windows XP machines, one master/submit/execute ("A"), and one execute-only machine ("B"). I have not set up any authentication in either condor configuration apart from allowing read and write access to machines A and B only, based on their IP addresses. Jobs submitted on machine A successfully execute on machine B. However, I am worried about Windows passwords being sent unencrypted over the network.

Can someone confirm that no Windows passwords get sent? I could not find any explicit mention of this in the documentation.

In that case, by what mechanism can user X submit a job on machine A, which then gets executed on machine B, without any passwords being sent*?


- Matthijs

(*My understanding of how it might work, based on reading mailing list archives, is something like the following: the job on B actually gets run as some sort of special user which has few privileges. However, when files need to be written ( e.g. the job executable, or input file) on B, user credentials are needed. These are not actually transferred over the network, but are stored on B (and need to be added there using condor_store_cred). Those credentials must match an existing account (with the correct privileges) on B in order to work, and they must match the submitting user's credentials on A (not sure about this part).)