Re: [condor-users] Some questions concerning security in Condor

[Mark Calleja <mcal00@xxxxxxxxxxxxx>]

Hi Zach,

Many thanks for your reply. This helps clear up a few of our shakey ideas.

> > host/server certificates with distinguished names of the form:
> >
> >   /C=UK/O=eScience/OU=?/L=?/CN=<hostname>/Email=<some_name@domain>
>
> no problem.  but i am curious about the Email... whose email is that, the
> sysadmin responsible for the host?

It is the e-mail address given by the individual who applied for the 
host certificate, which is hopefully the system administrator 
responsible for the host, but there is nothing to really guarantee that 
it is the system administrator's e-mail address; it could conceivably be 
a fake.

> please feel free to ask more questions!


OK, here's another security-related question:

On systems where Condor is running as root, is it possible for the job's 
executable to be chroot'd? In particular, is it possible to MAKE Condor 
chroot the job's executable?

Thanks for the help,

Mark

--

Department of Earth Sciences, University of Cambridge
Downing Street, Cambridge CB2 3EQ, UK
Tel. (+44/0) 1223 333408, Fax  (+44/0) 1223 333450
http://www.esc.cam.ac.uk/~mcal00


Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>