[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [condor-users] 'sbin' security config..

A bit ago, I seem to remember seeing a config directive that limited who could access/run the commands in {condor_home}/sbin..

Condor doesn't have a way to restrict who can execute those commands. You can do that through the normal Unix file permissions though.

However, there are ways to configure who is allowed to who is allowed to have an affect with those commands. That is, anyone can run the binaries, but not anyone can affect your pool.

The question is, how do you identify who is allowed? Since users may or may not be shared across a pool, there are several possible mechanisms for identifying users: IP address, GSI, Kerberos, and Windows authentication are the major methods. Setting these up is described in Section 3.7 of the Condor 6.6 manual:


IP address-based identification is the easiest to set up, but isn't terribly secure. GSI and Kerberos both work well, but take more effort to set up if you aren't already using them.


Condor Support Information: http://www.cs.wisc.edu/condor/condor-support/ To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with unsubscribe condor-users <your_email_address>