[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] host based authentication for condor_submit -remote

If you just want host-based authentication, you probably want to enable the CLAIMTOBE mode: that allows the client to simply assert an identity, and the server will believe it.

You don't normally have to do this, and probably don't want to; CLAIMTOBE is mostly intended for debugging. What you probably want to do instead is reconfigure HTCondor to not require authentication at all -- host-based authorization at least checks DNS entries against the peer address of incoming connections, but CLAIMTOBE does nothing at all.

The default for SEC_DEFAULT_AUTHENTICATION is OPTIONAL, so you don't normally have to do anything to use host-based authorization. If you've changed that in your configuration, you may have to change it back. (HTCondor can use both host-based authorization and GSI/kerberos/etc authentication simultaneously, but it's trickier to configure.)

- ToddM