Re: [Condor-users] GSI auth in Windows

["Jewell, Chris" <C.P.Jewell@xxxxxxxxxxxx>]

On 23 Aug 2012, at 09:05, Zachary Miller wrote:

>> My question arises more as a result of not quite knowing the ins and outs of how Condor works at a low level.  What worried me is that someone
>> could write a script to send an arbitrary packet to a Condor port which would be unauthenticated.  I assume, however, that without a daemon handshake (authenticated +/- encrypted, etc) that this would be impossible.
> 
> correct.  your configuration will keep people without your SSL cert from
> sending packets that condor will honor, regardless of your ALLOW_WRITE
> setting.  this is because you have the SEC_DAEMON_AUTHENTICATION now set
> to REQUIRED.

Perfect!  Just what I needed to know.

Thanks :-)

Chris

--
Dr Chris Jewell
Lecturer in Biostatistics
Institute of Fundamental Sciences
Massey University
Private Bag 11222
Palmerston North 4442
New Zealand
Tel: +64 (0) 6 350 5701 Extn: 3586