[condor-users] Migrating to Proper Authentication


I'm running a Condor cluster on Windows and Linux machines. So far I'm using host-based authentication. I'd like to migrate to proper authentication, for example, GSS.

The problem is that the Condor documentation doesn't exactly tell much about the concepts and problems related to GSS or Kerberos authentication. Hopefully, somebody is already using these and can shed some more light on the issues. I have a couple of questions.

Question 1. Machine certificates.
I assume my central manager's certificate has to be installed on all other machines in the pool. I also assume that the certificates of each of the machines in the pool should be made available to the central manager as well.

Now, if A and B are two machines in the pool, is it required that A has B's certificate and B has A's, or does all of the authentication go via the central manager?

Question 2. User certificates.
Does each machine have to have a list of user certificates which are allowed to access it?

Question 3. User Proxies.
The Condor manual mentions that one has to generate some sort of a user proxy in order to submit jobs when using GSS authentication. The manual also mentions that the proxies are placed into a temporary directory and can also expire after some time.

What happens if the submission machine gets rebooted?

What happens if the job does not complete on time and the proxy expires?

Kind Regards,
Alexander Klyubin

