
Re: [Condor-users] GSI auth in Windows



On 23 Aug 2012, at 02:12, Rich Pieri wrote:

> On Tue, 21 Aug 2012 00:47:47 +0000
> "Jewell, Chris" <C.P.Jewell@xxxxxxxxxxxx> wrote:
> 
>> Ah, of course!  That sorted it out.  Thanks.  Presumably my Condor
>> cluster is now secure, even though I have ALLOW_WRITE = *.my.domain
> 
> Security is not a setting or a switch. Security is a group of processes
> and procedures intended to protect a system, be it a single node or a
> massive distributed network or anything in between, from the threats
> described by a threat model.
> Security is relative. What constitutes
> "secure" for my network would be unacceptable for a bank. Thus, the
> question you should ask yourself is if the system is secure enough for
> your requirements. This is something to discuss with your IT staff.

That's a good point, and one that we're certainly bearing in mind.

My question arises more as a result of not quite knowing the ins and outs of how Condor works at a low level. What worried me is that someone could write a script to send an arbitrary packet to a Condor port which would be unauthenticated. I assume, however, that without a daemon handshake (authenticated +/- encrypted, etc.) this would be impossible.

Cheers,

Chris


> 
> -- 
> Rich Pieri <ratinox@xxxxxxx>
> MIT Laboratory for Nuclear Science

--
Dr Chris Jewell
Lecturer in Biostatistics
Institute of Fundamental Sciences
Massey University
Private Bag 11222
Palmerston North 4442
New Zealand
Tel: +64 (0) 6 350 5701 Extn: 3586