[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [condor-users] Some questions concerning security in Condor
- Date: Mon, 23 Feb 2004 23:40:50 +0200
- From: Mark Silberstein <marks@xxxxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [condor-users] Some questions concerning security in Condor
Are you planning to use Condor only for *NUX based systems? GSI for
Windows is still not available, is it?
As for TCP wrappers - I guess no, since the daemons are not built to
work with inetd/xinetd, which is the only way ( from my understanding )
to work with TCP wrappers.
I'm curious to here the answers from GURUs.
On Mon, 2004-02-23 at 19:55, Mark Calleja wrote:
> Hi Chaps,
> In order to win over our computing services guys and get them to
> consider putting Condor on campus-wide facilities, I'd be grateful if
> anyone can answer some of the questions that have been raised, and
> detailed below. I'd like say that by fielding these questions we are in
> no way implying any sort of slur on any aspects of Condor, but I have
> been warned that some people/organizations can feel slighted at having
> the security of their products questioned. We mean no such offence.
> 1) Does Condor support TCP_wrappers?
> 2) Has anyone done a security assesment/audit of Condor? If so, can we
> see the results?
> 3) Section 188.8.131.52, "GSI Authentication" in the Condor v6.6 manual
> implies that the distinguished name of certificates for the Condor
> daemons should be of the form:
> which is not of the same form as the distinguised name of certificates
> issued by the UK e-Science CA. So, is it the case that the distinguised
> name of certificates for the Condor daemons has to be of the form given
> above, or is this just an example? For comparison, the UK e-Science CA
> issues user certificates with distinguished names of the form:
> /C=UK/O=eScience/OU=?/L=?/CN=<name of user>
> host/server certificates with distinguished names of the form:
> and service certificates with distinguished names of the form:
> Thanks for any help,
Condor Support Information:
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>