[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [condor-users] More condor / kerberos trouble.

> Given that we need to move to kerberos authentication to allow Condor jobs 
> to access other machines, what is the best way to proceed? Prior to 
> submitting the job, the user can, if required, obtain a machine principal 
> of the type e898/e898/machine.fnal.gov@xxxxxxxx, but it's unclear what 
> Condor would do with this.

this would likely work.  condor assumes the user is everything up to the
first slash or '@' sign.  so in this case, it would assume e898, which would
match the output of `whoami` and would not result in the security violation
you encountered.

better and more flexible credential management is something we are actively
working on, but for now hopefully the above will work for you.


Condor Support Information:
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>