[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] SSL + windows



die 27/08/09, ad 20h26, Zachary Miller <zmiller@xxxxxxxxxxx> dixit :
> >  However when I run condor_submit I have in the SchedLog on Windows
> > 
> > SetAttribute security violation: setting owner to "administrateur"
> > when active owner is "ssl"
> 
> you will also need to set up the CERTIFICATE_MAPFILE in order to map
> the ssl credentials to actual users.  here's the manual entry:
>   http://www.cs.wisc.edu/condor/manual/v7.1/3_6Security.html#24819
> 
> and here's an example:
> 
> FS (.*) \1
> FS_REMOTE (.*) \1
> GSI (.) GSS_ASSIST_GRIDMAP
> SSL "^/DC=org/DC=doegrids/OU=People/CN=Zach Miller 139787$" zmiller@xxxxxxxxxxx
> SSL (.) GSS_ASSIST_GRIDMAP
> KERBEROS (.*) \1
> NTSSPI (.*) \1
> CLAIMTOBE (.*) nobody
> PASSWORD (.*) \1

Thanks for your answer. I will not have and access to the Windows box
before a while so I may ask another question in few days (even if I
think I understood)!

However something surprises me. Your configuration seems to mean that
the AUTH_SSL_CLIENT_CERTFILE is "^/DC=org/DC=doegrids/OU=People/CN=Zach
Miller 139787$" which would mean you can have only one user per host.
Is it right?

By the way, I use COG library to submit jobs to our Globus grid from
Windows. It includes an X509 proxy. Why can't we have the same with
Condor? 

Best,

Olivier.

Attachment: signature.asc
Description: Digital signature