Re: [Condor-devel] Has Condor considered NSS?

[Matthew Farrellee <matt@xxxxxxxxxxx>]

Will you explain the difference to me? I thought delegation means that a 
restricted certificate is created for the user (restricted in its 
expiration time), but that delegated certificate still has private bits. 
The delegated certificate (proxy cert?) is actually transferred via the 
X509_USER_PROXY attribute in job ads.


matt

Alain Roy wrote:
> No, it's delegated, not transferred.
>
> -alain
>
> At 09:57 AM 8/22/2007 -0500, Matthew Farrellee wrote:
> > Unless I'm mistaken in situations like Condor-C/Condor-G a user's
> > certificate, or proxy certificate, will actually be transferred (it
> > contains private bits) between machines. I honestly hope I'm mistaken.
> >
> >
> > matt
> >
> > Ian Alderman wrote:
> > > I'm not sure what you mean by passing certificates around: do you mean
> > > passing keys around?  I don't think Condor does that any more.
> > >
> > > I think Condor only uses certificates if the SSL or GSI authentication
> > > methods are employed.
> > >
> > > -Ian
> > >
> > > On Wed, Aug 22, 2007 at 08:22:26AM -0500, Matthew Farrellee wrote:
> > >> 
> > https://www.redhat.com/archives/fedora-devel-list/2007-August/msg01594.html 
> >
> > >>
> > >> I can think of a few reasons why Condor might not be able to get FIPS
> > >> 140-2 certification, such as passing certificates around between
> > >> machines. Can anyone think of others or clarify how extensively
> > >> certificates are needed directly by Condor?
> > >>
> > >> Best,
> > >>
> > >>
> > >> matt
> > >> _______________________________________________
> > >> Condor-devel mailing list
> > >> Condor-devel@xxxxxxxxxxx
> > >> https://lists.cs.wisc.edu/mailman/listinfo/condor-devel
> > _______________________________________________
> > Condor-devel mailing list
> > Condor-devel@xxxxxxxxxxx
> > https://lists.cs.wisc.edu/mailman/listinfo/condor-devel