[Condor-users] Kerberos: Does Condor break when using cross-realm Kerberos authentication?

[David McBride <dwm@xxxxxxxxxxxx>]

Greetings,

Are there any known issues configuring Condor to use Kerberos for authentication
in a multi-realm environment?

(Background: we're planning to migrate from a single-Realm Kerberos deployment,
where all of our users and systems have principals in DOC.IC.AC.UK, to a
multi-Realm Kerberos configuration where user principals instead exist in
IC.AC.UK, and a cross-realm trust link is installed between IC.AC.UK and
DOC.IC.AC.UK.

Currently, our local Condor deployment is configured to require Kerberos
authentication for all non-READ operations, which does exactly what we want.
However, our experiences so far have shown that not all software Does The Right
Thing when processing cross-realm Kerberos tickets, so wanted to see if anyone
has any experience deploying Condor in such an environment.)

Cheers,
David
-- 
David McBride <dwm@xxxxxxxxxxxx>
Department of Computing, Imperial College, London

Attachment: signature.asc
Description: OpenPGP digital signature