[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] Kerberos security and startup scripts...



Hi,

I have a Condor setup using:

SEC_DEFAULT_AUTHENTICATION      = REQUIRED
SEC_READ_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = KERBEROS

I like the relatively strong security this model provides, but I find
that condor won't start on boot because the init script doesn't have a
Kerberos ticket.

Is there a way to allow this, such that root on the local system can
control the local server processes without throwing the doors open to
more things?  The right way may be rewriting the init script to use a
keytab but floating keytabs around to all the systems doesn't seem
like the best idea either, though I suppose I could use the host
keytab, which would atleast make it more easily revocable on a per
host basis...

What do other people do?

-Jon