
[Condor-users] Birdbath security setup



To all,
I know that this has been bounced around on this list, but it's still not clear how to set up Birdbath.

schedd_debug=d_fulldebug
all_debug=d_fulldebug
# BASE SETUP
WEB_ROOT_DIR              = $(RELEASE_DIR)/web
ENABLE_SOAP               = TRUE
ENABLE_WEB_SERVER         = TRUE
ENABLE_SOAP_SSL           = FALSE
SCHEDD_ENABLE_SOAP_SSL    = FALSE
COLLECTOR_ENABLE_SOAP_SSL = FALSE
SCHEDD_ARGS               = -p 12000
QUEUE_ALL_USERS_TRUSTED   = TRUE

# this setup works but is way too open
HOSTALLOW_READ = *
HOSTALLOW_WRITE = *
ALLOW_READ = */*
ALLOW_WRITE = */*
ALLOW_SOAP = *

# I'm trying to do this
HOSTALLOW_READ = *.purdue.edu
HOSTALLOW_WRITE = *.purdue.edu
ALLOW_READ = */*.purdue.edu
ALLOW_WRITE = */*.purdue.edu
ALLOW_SOAP = *.purdue.edu
# But this gives a permission problem for user NULL/<IP>

Questions:
1) I'm assuming that this setup will turn off SSL etc. and allow anonymous submission.
2) I'm using Birdbath from the WSDL directly, not the additional wrapper classes. I'm assuming that setting username and password on the HTTP is enough. Are the wrapper classes doing more than this? Below is the co

// BindingProvider is javax.xml.ws.BindingProvider
condor_6_9_3.schedd.CondorSchedd service = new condor_6_9_3.schedd.CondorSchedd();
condor_6_9_3.schedd.CondorScheddPortType port = service.getCondorSchedd();
// Point the generated port at the schedd's SOAP endpoint
((BindingProvider)port).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpointURL);
// Set the HTTP user name on the request context
((BindingProvider)port).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "dbraun");
// TODO initialize WS operation arguments here
condor_6_9_3.schedd.Transaction transaction = null;
condor_6_9_3.schedd.TransactionAndStatus transaction_result = port.beginTransaction(CondorService.DEFAULT_DURATION);
System.out.println("transaction_result " + transaction_result.getStatus().getMessage().getValue());