Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] Forwarding Kerberos-Credentials
- Date: Fri, 20 Oct 2017 13:55:39 +0200 (CEST)
- From: "Finnern, Thomas" <thomas.finnern@xxxxxxx>
- Subject: Re: [HTCondor-users] Forwarding Kerberos-Credentials
Hey Frank,
some base information you may derive from our talk
https://indico.cern.ch/event/637013/contributions/2750510/attachments/1542241/2419095/ThomasFinnern_DESY_Batchmigration_KEK2017_16x9.pdf Cheers, Thomas>-----Original Message----->From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf>Of Beyer, Christoph>Sent: Friday, October 20, 2017 6:56 PM>To: htcondor-users>Subject: Re: [HTCondor-users] Forwarding Kerberos-Credentials>>Hi Frank,>>the feature was originally developed for usage at CERN and during the lastyear>the HTCondor team was kind enough to develop it a bit further with ouraid/input>to make it usuable for other sites to.>>We are currently using it with full KRB/AFS integration on a pilot clusterthat is>upposed to be our main 'local' batch facility with > 6.000 cores by the midof next>year.>>Though the implementation is now more or less vanilla getting it startedinvolves>a bit more than just editing config files.>>If you like I can give you more details and guide you through the processof>getting it
up and running as I opted for writing a recipe later anyway ....>>Best>Chris>>-->Christoph Beyer>DESY Hamburg>IT-Department>>Notkestr. 85>Building 02b, Room 009>22607 Hamburg>>phone:+49-(0)40-8998-2317>mail: christoph.beyer@xxxxxxx>>----- UrsprÃngliche Mail ----->Von: "FB" <fbo2@xxxxxxx>>An: "htcondor-users" <htcondor-users@xxxxxxxxxxx>>Gesendet: Freitag, 20. Oktober 2017 09:09:21>Betreff: [HTCondor-users] Forwarding Kerberos-Credentials>>Dear all,>>for some months, condor is being used at my place of work to not>waste our workstation's CPU cycles. Since the data being processed>is a little bit sensitive, we're in the process of moving fromNFSv3/sec=sys>to NFSv4/gssapi which requires Kerberos credentials present when accessing>data over the network. Google uncovered some slides mentioning credential>forwarding in HTCondor but I couldn't find anything in the manual about howto>use these SEC_CREDENTIAL_* -configuration options to make that work.>>Does anyone know, how to set
up credential forwarding? Is is really>possible to do "forwarding" or is it more like "magically creating">arbitrary credentials on demand (which would be slightly less optimal>in a network of workstations)?>>Best regards,>>Frank>_______________________________________________>HTCondor-users mailing list>To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a>subject: Unsubscribe>You can also unsubscribe by visiting>https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users>>The archives can be found at:>https://lists.cs.wisc.edu/archive/htcondor-users/>>_______________________________________________>HTCondor-users mailing list>To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a>subject: Unsubscribe>You can also unsubscribe by visiting>https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users>>The archives can be found at:>https://lists.cs.wisc.edu/archive/htcondor-users/