[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [condor-users] Some questions concerning security in Condor
- Date: Thu, 08 Apr 2004 19:42:47 +0100
- From: Mark Calleja <mcal00@xxxxxxxxxxxxx>
- Subject: Re: [condor-users] Some questions concerning security in Condor
In another round of security based questions, could anyone please give
informative answers to the following with which we can approach our
computing services people? These are their main points of concern before
agreeing to adopt Condor for a campus wide grid.
- If using GSI authentication, who needs to (and who can) access the
private keys of the X.509 certificates?
- Is Condor designed so that its processes only use root privilege if it
is vital that they do so? What are the consequences if these processes
do not have root privilege (i.e. are there any consequences not
mentioned in the current documentation?)? Why do the processes which
run as root need to do so?
- What is the flow of privilege on the submit machine from the moment a
user types "condor_submit" to job completion?
- In Condor pools, how sensitive is communication - particularly TCP
communication - between machines to minor network interruprions (e.g.
network 'glitches' of 1 second or less)?
- Do submit and execution machines communicate with each other via TCP,
UDP or both? Does the submit machine initiate the communication, or
the execute machine?
- If a machine other than the central manager were 'polled' via UDP from a
"hostile" source to whom would it reply - the central manager or the
Department of Earth Sciences, University of Cambridge
Downing Street, Cambridge CB2 3EQ, UK
Tel. (+44/0) 1223 333408, Fax (+44/0) 1223 333450
Condor Support Information:
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>