[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Forwarding Kerberos-Credentials

Hi Thomas,

----- UrsprÃngliche Mail -----
> Von: "Finnern, Thomas" <thomas.finnern@xxxxxxx>
> An: "HTCondor-Users Mail List" <htcondor-users@xxxxxxxxxxx>
> Gesendet: Freitag, 20. Oktober 2017 13:55:39
> Betreff: Re: [HTCondor-users] Forwarding Kerberos-Credentials

> Hey Frank,
> some base information you may derive from our talk
> https://indico.cern.ch/event/637013/contributions/2750510/attachments/1542241/2419095/ThomasFinnern_DESY_Batchmigration_KEK2017_16x9.pdf

apart from some information on how to configure/set up the credential forwarding
infrastructure, I do have one big question:

Is it possible to do actual credential forwarding (-> no STARTD node has any access to
credentials of users not having jobs running on it right now) or is this more like
"STARTD runs a job and requests credentials of the job owner from some
credential server"?

If it's second, I'll have to restrict access to this credential server to trusted
compute servers and would not be able to utilize workstations as STARTD nodes.