Re: [HTCondor-users] Jobs on Windows and heterogeneous pool

[Andrew Mole <Andrew.Mole@xxxxxxxx>]

Here is the relevant section in the manual. See also 6.2.4 &6.2.5 (this includes the configuration required). Let us know when you have more questions.

http://research.cs.wisc.edu/htcondor/manual/current/6_2Microsoft_Windows.html#SECTION00723000000000000000

6.2.3 Secure Password Storage

In order for HTCondor to operate properly, it must at times be able to act on behalf of users who submit jobs. This is required on submit machines, so that HTCondor can access a job's input files, create and access the job's output files, and write to the job's log file from within the appropriate security context. On Unix systems, arbitrarily changing what user HTCondor performs its actions as is easily done when HTCondor is started with root privileges. On Windows, however, performing an action as a particular user or on behalf of a particular user requires knowledge of that user's password, even when running at the maximum privilege level. HTCondor provides secure password storage through the use of the condor_store_cred tool. Passwords managed by HTCondor are encrypted and stored in a secure location within the Windows registry. When HTCondor needs to perform an action as or on behalf of a particular user, it uses the securely stored password to do so. This implies that a password is stored for every user that will submit jobs from the Windows submit machine.

A further feature permits HTCondor to execute the job itself under the security context of its submitting user, specifying the run_as_owner command in the job's submit description file. With this feature, it is necessary to configure and run a centralized condor_credd daemon to manage the secure password storage. This makes each user's password available, via an encrypted connection to the condor_credd, to any execute machine that may need it.

By default, the secure password store for a submit machine when no condor_credd is running is managed by the condor_schedd. This approach works in environments where the user's password is only needed on the submit machine.






-----Original Message-----
From: htcondor-users-bounces@xxxxxxxxxxx [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Romain
Sent: 13 May 2013 15:39
To: htcondor-users@xxxxxxxxxxx
Subject: Re: [HTCondor-users] Jobs on Windows and heterogeneous pool

Hi,

I've searched some informations about credd but, i'm not sure to understand.
The credd process/daemon serves to use a "run_as_owner" setting in the submit file that's it?

I've to use a special user to have autorization to read/write in the shared file I use for share condor submit file and input file.

Have you an idea of ​​the configuration I do use to achieve this on Windows ?

Thank you in advance.

Byebye.

-* Romain *-

_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/
____________________________________________________________
Electronic mail messages entering and leaving Arup  business
systems are scanned for acceptability of content and viruses