Re: [Condor-users] SSL + windows

[Olivier Ricou <ricou@xxxxxxxxxxxxx>]

die 28/08/09, ad 00h21, Zachary Miller <zmiller@xxxxxxxxxxx> dixit :
> > However something surprises me. Your configuration seems to mean that
> > the AUTH_SSL_CLIENT_CERTFILE is "^/DC=org/DC=doegrids/OU=People/CN=Zach
> > Miller 139787$" which would mean you can have only one user per host.
> > Is it right?
> 
> the mapping is "one ssl credential" translates to "one local uid".
> 
> so if you are using a host certificate, then yes, everyone who submits using
> that credential will end up as the same user.
> 
> i'd suggest getting separate credentials for each user.  if you are using
> the host credential for submitting, is it currently readable by everyone?

well, I have to find how to do that then, I mean defining a credential
for each user. All I found is how to define a credential for a host
(with AUTH_SSL_CLIENT_CERTFILE). Currently only one user can read it.

> > By the way, I use COG library to submit jobs to our Globus grid from
> > Windows. It includes an X509 proxy. Why can't we have the same with
> > Condor? 
> 
> i'm afraid i'm not familiar with COG, but hopefully others are.  feel free to
> chime in!
> 
> does it have one credential per submitter, or one for the entire service?  if
> it's one per service, how are the individual users authenticated?

One credential per user, it is GSI.

Olivier.

Attachment: signature.asc
Description: Digital signature