Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] SSL + windows

Date: Thu, 27 Aug 2009 13:26:13 -0500
From: Zachary Miller <zmiller@xxxxxxxxxxx>
Subject: Re: [Condor-users] SSL + windows

>  However when I run condor_submit I have in the SchedLog on Windows
> 
> SetAttribute security violation: setting owner to "administrateur"
> when active owner is "ssl"

you will also need to set up the CERTIFICATE_MAPFILE in order to map
the ssl credentials to actual users.  here's the manual entry:
  http://www.cs.wisc.edu/condor/manual/v7.1/3_6Security.html#24819

and here's an example:

FS (.*) \1
FS_REMOTE (.*) \1
GSI (.) GSS_ASSIST_GRIDMAP
SSL "^/DC=org/DC=doegrids/OU=People/CN=Zach Miller 139787$" zmiller@xxxxxxxxxxx
SSL (.) GSS_ASSIST_GRIDMAP
KERBEROS (.*) \1
NTSSPI (.*) \1
CLAIMTOBE (.*) nobody
PASSWORD (.*) \1


in the above example, you can see that it maps my subject name explicitly to
the user "zmiller@xxxxxxxxxxx".  you will want to map the name to the user who
is submitting the job.

as a side note, it seems you are submitting as the admin user.  i'd recommend
submitting as a regular user.


cheers,
-zach

Follow-Ups:
- Re: [Condor-users] SSL + windows
  - From: Olivier Ricou

References:
- [Condor-users] SSL + windows
  - From: Olivier Ricou

Prev by Date: [Condor-users] SSL + windows
Next by Date: [Condor-users] ROCKS and Condor
Previous by thread: [Condor-users] SSL + windows
Next by thread: Re: [Condor-users] SSL + windows
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [Condor-users] SSL + windows