[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] Kerberos and Windows
- Date: Tue, 16 Dec 2008 09:21:23 +0000
- From: Liam Gretton <L.Gretton@xxxxxxxxxxx>
- Subject: [Condor-users] Kerberos and Windows
I'm close to having solved all my Condor issues, so that we can roll out
a secure service. But though my Linux clients successfully authenticate
against our Windows AD Kerberos service, I can't quite get this working
with our Windows clients.
The vast majority of our Condor pool will be Windows systems. These
hosts are part of the Windows AD, and get a Kerberos ticket with the
principal host/fqdn@REALM when they boot.
Ideally I'd like Condor to recognise this ticket, but I can't see any
way to do that. Condor's Kerberos support seems to demand a MIT-style
krb5.ini file and keytab for the principal. The krb5.ini file isn't a
problem, but getting the keytab into a file is. As far as I can tell
it's tucked away within the LSA and there's no way of getting to it.
Can anyone suggest a solution to this? If you've managed to get Condor
authenticating against a MS AD Kerberos service without having to export
keytabs to the host, I'd be very interested to hear how you've achieved
Liam Gretton L.Gretton@xxxxxxxxxxx
IT Services http://www.lboro.ac.uk/
Loughborough University Tel: +44 (0)1509 226048
Leicestershire LE11 3TU