Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] SSL authentication problem

Date: Wed, 4 Jun 2008 21:52:42 +0200
From: Pascal Jermini <pascal+condor@xxxxxxxxxxxxxxxx>
Subject: Re: [Condor-users] SSL authentication problem

> > PS I'm still at loss to see what is stopping malicious users just  
> > copying
> > the host cert elsewhere. Unless it can be made readable only by the  
> > Condor
> > processes under Windows ??
> 
> I believe that it can be.  Condor processes usually run as 'system' so  
> if you configure your permissions so that only 'system' and  
> administrators can access 'c:\condor\ssl', the users shouldn't be able  
> to access those files, but the Condor daemons should be able to.

I can confirm that it is indeed the case. In our case we modified the ACLs on
the directory by removing all access to the "Everyone" built-in group, but
leaving access to the Administrators group. This effectively avoids having
users copying around SSL certificates.

We also have a similar setup under Linux, where the directory containing the
certificates belongs to the "condor" user and group.

Pascal

Follow-Ups:
- [Condor-users] How RANK works in Condor?
  - From: Yu Fu
- Re: [Condor-users] SSL authentication problem
  - From: Smith, Ian

References:
- [Condor-users] SSL authentication problem
  - From: Smith, Ian
- Re: [Condor-users] SSL authentication problem
  - From: Ian Alderman

Prev by Date: [Condor-users] 3 questions for smp macro
Next by Date: Re: [Condor-users] testing condor-G (Non Local Crashed)
Previous by thread: Re: [Condor-users] SSL authentication problem
Next by thread: Re: [Condor-users] SSL authentication problem
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [Condor-users] SSL authentication problem