Re: [condor-users] Some questions concerning security in Condor

[Mark Calleja <mcal00@xxxxxxxxxxxxx>]

Hi chaps,

In another round of security based questions, could anyone please give 
informative answers to the following with which we can approach our 
computing services people? These are their main points of concern before 
agreeing to adopt Condor for a campus wide grid.

- If using GSI authentication, who needs to (and who can) access the
  private keys of the X.509 certificates?

- Is Condor designed so that its processes only use root privilege if it
  is vital that they do so?  What are the consequences if these processes
  do not have root privilege (i.e. are there any consequences not
  mentioned in the current documentation?)?  Why do the processes which
  run as root need to do so?

- What is the flow of privilege on the submit machine from the moment a 
  user types "condor_submit" to job completion?

- In Condor pools, how sensitive is communication - particularly TCP
  communication - between machines to minor network interruprions (e.g.
  network 'glitches' of 1 second or less)?

- Do submit and execution machines communicate with each other via TCP,
  UDP or both?  Does the submit machine initiate the communication, or
  the execute machine?

- If a machine other than the central manager were 'polled' via UDP from a
  "hostile" source to whom would it reply - the central manager or the
  "hostile" source?


Cheers,

Mark

--
Department of Earth Sciences, University of Cambridge
Downing Street, Cambridge CB2 3EQ, UK
Tel. (+44/0) 1223 333408, Fax  (+44/0) 1223 333450
http://www.esc.cam.ac.uk/~mcal00


Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>