[condor-users] How to prevent unauthorized computers to join the pool

[Mark Silberstein <marks@xxxxxxxxxxxxxxxxxxxxxxx>]

Dear users and Condor Administrators,

I'm curious how you prevent unauthorized submissions machines to join
Condor pool. What I mean is the following:
We have a pool in the lab, in the Technion. Currently our settings are
that anyone can install Condor schedd on his/her PC in the Technion
network, point to our collector and submit whatever jobs he/she wants.
It is clearly a HUGE security hole, and virus writers and hackers are
looking for such opportunities. How do I prevent such thing to happen?
We have several computer farms for undergrads, and our current
configuration is equivalent to giving an access to them.

I know that setting HOSTALLOW_WRITE to the list of IPs I still want to
join is a possible solution. However this effectively means to set up
one by one all those who are allowed, as we use DHCP, so IP wildcards
wouldn't work, and all the faculty has the same domain name. 

What about certificates? Does anyone know if there are any plans to
implement this? 

Please share your experience, how do you use Condor security, if at all
Thanks
Mark


Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>