[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[condor-users] Migrating to Proper Authentication
- Date: Fri, 26 Sep 2003 10:59:05 +0100
- From: Alexander Klyubin <A.Kljubin@xxxxxxxxxxx>
- Subject: [condor-users] Migrating to Proper Authentication
I'm running a Condor cluster on Windows and Linux machines. So far I'm
using host-based authentication. I'd like to migrate to proper
authentication, for example, GSS.
The problem is that Condor documentation doesn't exactly tell much about
the concepts and problems related with GSS or Kerberos authentication.
Hopefully, somebody is already using these and can shed some more light
on the issues. I have a couple of questions.
Question 1. Machine certificates.
I assume I have to install my central manager's certificate is installed
on all other machines in the pool. I also assume that certificates of
each of the machines in the pool should be made available to the central
manager as well.
Now, if A and B are two machines in the pool, is it required that A has
B's certificate and B has A's one or does all of the authentication go
via the central manager?
Question 2. User certificates.
Does each machine have to have a list of user certificates which are
allowed to access it?
Question 3. User Proxies.
Condor manual mentions that one has to generate some sort of a user
proxy in order to submit jobs when using GSS authentication. The manual
also mentions that the proxies are placed into a temporary directory and
can also expire after some time.
What happens if the submission machine gets rebooted?
What happens if the job does not complete on time and the proxy expires?
Condor Support Information:
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>