[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] host based authentication for condor_submit -remote
- Date: Wed, 27 Jul 2016 10:28:31 -0500
- From: Todd L Miller <tlmiller@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] host based authentication for condor_submit -remote
If you just want host-based authentication, you probably want to enable
the CLAIMTOBE mode: that allows the client to simply assert an identity,
and the server will believe it.
You don't normally have to do this, and probably don't want to;
CLAIMTOBE is mostly intended for debugging. What you probably want to do
instead is reconfigure HTCondor to not require authentication at all --
host-based authorization at least checks DNS entries against the peer
address of incoming connections, but CLAIMTOBE does nothing at all.
The default for SEC_DEFAULT_AUTHENTICATION is OPTIONAL, so you
don't normally have to do anything to use host-based authorization. If
you've changed that in your configuration, you may have to change it back.
(HTCondor can use both host-based authorization and GSI/kerberos/etc
authentication simultaneously, but it's trickier to configure.)
- ToddM