Hello!
I have a central Unix machine with MASTER, COLLECTOR, SCHEDD demons and several main EXECUTE nodes in a private network behind a firewall. Let's call this machine - machine A.
There are also users who have some kind of licensed software installed on their Windows machines (Machine B). I want to connect EXECUTE HTCondor nodes from their machines (B) to an existing pool on machine A.
My goal is to make sure that they can run their jobs. Some of their jobs will use their licensed software, so these jobs must be running on machines B.
There is one-way visibility between the machines: from B to A. So I decided to use the CCB mechanism.
From a security point of view, the question is: How can I best organize authentication the EXECUTE node (from machine B) to join it to main pool? I want to completely avoid the situation where users can break or change the main pool or configuration on Machine A. Also, if there will be several computers B, I do not want B1 to spoil or change something with B2.
What is the best way to configure the htcondor A, B machines? Which authentication method to choose?
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}