Re: [condor-users] GSI authentication questions

[Zachary Miller <zmiller@xxxxxxxxxxx>]

On Tue, Dec 16, 2003 at 03:08:50PM -0000, Jonathan Giddy wrote:
> Has anybody got GSI authentication to work for communication between Condor
> daemons?

yes.  sorry the documentation is somewhat lacking at this point.


> The documentation states that the daemons' certificates must be in the
> directory specified by X509_DIRECTORY, but does not specify the filenames
> for the certificate and private key. Does anyone know what these should be?

hostcert.pem
hostkey.pem

you'll also need a directory named certificates which contains the signing
certificates and policies for your host certificate and user certificates.
i can elaborate on this if you like...  i might even have the beginnings of
a howto i could send if you're interested.


> Section 3.7.4.1 "GSI Authentication" suggests setting
> SEC_DEFAULT_AUTHENTICATION_METHODS to GSS_AUTHENTICATION, while section
> 3.7.3.3 "Authentication" suggests GSI as the correct value. Which do you
> use?

GSI is the correct one.  (the other would work but is being deprecated
eventually)

please let me know if you have any more questions!


cheers,
-zach

Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>