[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [condor-users] Some questions concerning security in Condor

Hi chaps,

In another round of security based questions, could anyone please give informative answers to the following with which we can approach our computing services people? These are their main points of concern before agreeing to adopt Condor for a campus wide grid.

- If using GSI authentication, who needs to (and who can) access the
  private keys of the X.509 certificates?

- Is Condor designed so that its processes only use root privilege if it
  is vital that they do so?  What are the consequences if these processes
  do not have root privilege (i.e. are there any consequences not
  mentioned in the current documentation?)?  Why do the processes which
  run as root need to do so?

- What is the flow of privilege on the submit machine from the moment a user types "condor_submit" to job completion?

- In Condor pools, how sensitive is communication - particularly TCP
  communication - between machines to minor network interruprions (e.g.
  network 'glitches' of 1 second or less)?

- Do submit and execution machines communicate with each other via TCP,
  UDP or both?  Does the submit machine initiate the communication, or
  the execute machine?

- If a machine other than the central manager were 'polled' via UDP from a
  "hostile" source to whom would it reply - the central manager or the
  "hostile" source?



Department of Earth Sciences, University of Cambridge
Downing Street, Cambridge CB2 3EQ, UK
Tel. (+44/0) 1223 333408, Fax  (+44/0) 1223 333450

Condor Support Information: http://www.cs.wisc.edu/condor/condor-support/ To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with unsubscribe condor-users <your_email_address>