[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] host based authentication for condor_submit -remote
- Date: Wed, 27 Jul 2016 17:31:42 -0500
- From: Todd L Miller <tlmiller@xxxxxxxxxxx>
- Subject: Re: [HTCondor-users] host based authentication for condor_submit -remote
Does the host based auth do any kind of validation that one user isn't
claiming to be another user on that host?
Not as far as I know.
Can you do something like run a stub schedd on your local machine that
has no actual queue, but submits the job on to the remote schedd with
its own creds vouching for the user validated via FS?
There's also REMOTE_FS (if the hosts share a filesystem), but I'm
pretty sure the answer to your question is yes. Since FS is inherently
local, you should be able to set your authentication methods to, say, FS
and PASSWORD; if the password is readable only by root, then you know that
only the daemons can authenticate to a remote host.
Configuring the schedd to automatically forward the jobs is a lot
harder and depends on what exactly you want to accomplish. See my earlier
message ("Centralized job handling by central admin") to this list for a
few options.
- ToddM