[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Schedd and kerberos



David McBride wrote:
Liam Gretton wrote:
I'm setting up a Condor pool which consists of a single Central Manager,
a number of execute hosts and a much smaller number of separate submit
hosts (all running Condor 7.0.5).

I need to treat the submit hosts as untrusted to some extent, and I'm
trying to use Kerberos to authenticate job submissions.

Our configuration differs slightly in that I'm not using a dedicated
service principal for daemon-daemon communications
(condor/hostname@REALM) but am instead using the existing host host keys
(host/hostname@REALM).

[snip]

The configuration we're using (set on all participating Condor hosts) is
as follows; you may find it a useful starting point:

Brilliant, thanks - this has done the trick, and host principals are fine for our uses.

Now I have another problem with realm mapping, but I'll ask about that elsewhere.

--
Liam Gretton                                    L.Gretton@xxxxxxxxxxx
IT Services                                   http://www.lboro.ac.uk/
Loughborough University                       Tel: +44 (0)1509 226048
Leicestershire LE11 3TU
United Kingdom