[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Kerberos security and startup scripts...

Re the below:

I think the common solution is to indeed use the host keytab file.  In fact, iirc, Condor will look for it by default if you start the daemons as root.


Todd Tannenbaum
University of Wisconsin-Madison
<-- Sent from a Palm Treo 680 phone -->

-----Original Message-----

From:  "Jonathan D. Proulx" <jon@xxxxxxxxxxxxx>
Subj:  [Condor-users] Kerberos security and startup scripts...
Date:  Thu May 10, 2007 9:18 am
Size:  1K
To:  condor-users@xxxxxxxxxxx


I have a Condor setup using:


I like the relatively strong security this model provides, but I find
that condor won't start on boot because the init script doesn't have a
Kerberos ticket.

Is there a way to allow this, such that root on the local system can
control the local server processes without throwing the doors open to
more things?  The right way may be rewriting the init script to use a
keytab but floating keytabs around to all the systems doesn't seem
like the best idea either, though I suppose I could use the host
keytab, which would atleast make it more easily revocable on a per
host basis...

What do other people do?

Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at either