[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] restricting admin commands


I have a condor cluster where one system is both the submission machine and central manager and it just struck me that because of default host-based auth, it means all users on the system can use admin-level condor commands (such as condor_userprio). I am going to see about moving submission to its own system since that simplifies the auth piece, however I wonder if there is another easy way to restrict it so that only root can use admin commands, and all the other users cannot. I tried looking into setting up one of the authn /authz setups like Kerberos since that is what we use for system login, but I cannot get it to work, plus I don’t think it would work with the local root account anyway. Any suggestions as to what I can use to restrict admin commands to just root?


Thanks. (running version 8.8 btw)



Gianni Pezzarossi

Computational System Analyst

User Services:Research

Engineering IT Shared Services

University of Illinois @ Urbana-Champaign