
Re: [Condor-users] SSL authentication with WinXP



 

> -----Original Message-----
> From: condor-users-bounces@xxxxxxxxxxx 
> [mailto:condor-users-bounces@xxxxxxxxxxx] On Behalf Of Pascal Jermini
> Sent: 14 March 2007 10:51
> To: condor-users@xxxxxxxxxxx
> Subject: Re: [Condor-users] SSL authentication with WinXP
> 
> Hello,
> 
> > Anyone know if SSL works with Condor 6.8.4 under WinXP
> > - I know there have been problems in the past with this.
> > Are there any documents which describe how to set this up?
> > I've come across some general info in PPT slides but nothing
> > really 'hands on'.
> 
> Yes, SSL works with version 6.8.4 under Windows (we are using 
> it for approximately 180 compute nodes...).
> 
> There is however very little documentation about SSL in 
> general, and we mostly figured it out from the PPT slides and 
> a lot of trial and error...
> 
> I may send you a step by step guide on how we set it up, as 
> soon as I have some time to write it down correctly ;) !
> 
> cheers,
> 
> Pascal
>

OK I've tried following the info in the Condor Week '06 (Milan) slides:

http://www.bo.infn.it/calcolo/CondorWeek2006/tannenba_admin_tutorial.ppt#940,138,Strong%20Security%20Capabilities

and I think I can create my own OpenSSL certs following these
instructions:

http://www.cs.wisc.edu/~alderman/ca_chain_directions/staff_ca_chain_setup_notes.html

but the big question is what I do with them. I can't work out exactly
what these parameters refer to:

AUTH_SSL_SERVER_CA_FILE
AUTH_SSL_SERVER_CA_DIR
AUTH_SSL_SERVER_CA_CERTFILE
AUTH_SSL_SERVER_CA_KEYFILE
AUTH_SSL_CLIENT_CA_FILE
AUTH_SSL_CLIENT_CA_DIR
AUTH_SSL_CLIENT_CA_CERTFILE
AUTH_SSL_CLIENT_CA_KEYFILE

Do I need to set these on the execute hosts and the central manager and
submit host? Presumably I need to create one host cert per execute host,
but how do I tie it to that machine? Surely someone could just copy it to
another machine?

cheers,

-ian.