[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] host based authentication for condor_submit -remote

Does the host based auth do any kind of validation that one user isn't claiming to be another user on that host?

	Not as far as I know.

Can you do something like run a stub schedd on your local machine that has no actual queue, but submits the job on to the remote schedd with its own creds vouching for the user validated via FS?

There's also REMOTE_FS (if the hosts share a filesystem), but I'm pretty sure the answer to your question is yes. Since FS is inherently local, you should be able to set your authentication methods to, say, FS and PASSWORD; if the password is readable only by root, then you know that only the daemons can authenticate to a remote host.

Configuring the schedd to automatically forward the jobs is a lot harder and depends on what exactly you want to accomplish. See my earlier message ("Centralized job handling by central admin") to this list for a few options.

- ToddM