Mailing List ArchivesPublic Access |
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesPublic Access |
|
Given that we need to move to kerberos authentication to allow Condor jobs to access other machines, what is the best way to proceed? Prior to submitting the job, the user can, if required, obtain a machine principal of the type e898/e898/machine.fnal.gov@xxxxxxxx, but it's unclear what Condor would do with this.
this would likely work. condor assumes the user is everything up to the first slash or '@' sign. so in this case, it would assume e898, which would match the output of `whoami` and would not result in the security violation you encountered.
better and more flexible credential management is something we are actively working on, but for now hopefully the above will work for you.
Thanks, Chris.
cheers, -zach
Condor Support Information: http://www.cs.wisc.edu/condor/condor-support/ To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with unsubscribe condor-users <your_email_address>
-- Chris Green, MiniBooNE / LANL. Email greenc@xxxxxxxx Tel: (630) 840-2167. Fax: (630) 840-3867 Condor Support Information: http://www.cs.wisc.edu/condor/condor-support/ To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with unsubscribe condor-users <your_email_address>