[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] Kerberos security and startup scripts...
- Date: Sun, 13 May 2007 23:54:00 -0500
- From: Todd Tannenbaum <tannenba@xxxxxxxxxxx>
- Subject: Re: [Condor-users] Kerberos security and startup scripts...
Re the below:
I think the common solution is to indeed use the host keytab file. In fact, iirc, Condor will look for it by default if you start the daemons as root.
University of Wisconsin-Madison
<-- Sent from a Palm Treo 680 phone -->
From: "Jonathan D. Proulx" <jon@xxxxxxxxxxxxx>
Subj: [Condor-users] Kerberos security and startup scripts...
Date: Thu May 10, 2007 9:18 am
I have a Condor setup using:
SEC_DEFAULT_AUTHENTICATION = REQUIRED
SEC_READ_AUTHENTICATION = REQUIRED
SEC_DEFAULT_AUTHENTICATION_METHODS = KERBEROS
I like the relatively strong security this model provides, but I find
that condor won't start on boot because the init script doesn't have a
Is there a way to allow this, such that root on the local system can
control the local server processes without throwing the doors open to
more things? The right way may be rewriting the init script to use a
keytab but floating keytabs around to all the systems doesn't seem
like the best idea either, though I suppose I could use the host
keytab, which would atleast make it more easily revocable on a per
What do other people do?
Condor-users mailing list
To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
You can also unsubscribe by visiting
The archives can be found at either