[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Kerberos: Does Condor break when using cross-realm Kerberos authentication?



Zachary Miller wrote:

Are there any known issues configuring Condor to use Kerberos for authentication
in a multi-realm environment?

the authentication itself should work, although i have to admit i have not
tested it.  let's assume it does for now, and if not we will fix it.

Righto. Hopefully someone will pop up to say that it works for them; otherwise, I guess we'll just have to try it!

i think the main thing to be aware of will be potential username collisions,
unless you have some extra knowledge or umbrella policy that says this will
not happen.

Aha, we cheat. Usernames are allocated centrally for both realms, so no collisions should occur.

(Knowing that Condor will simply, by default, just take the first component of a Kerberos principal and use that as the local uid is useful information, however.)

Many thanks for the quick feedback!

Cheers,
David
--
David McBride <dwm@xxxxxxxxxxxx>
Department of Computing, Imperial College, London