Condor uses delegation to transfer X509 credentials over a network connection. There's a config parameter to tell it to simply copy the credentials instead.
-- Jaime On Aug 22, 2007, at 10:55 AM, Matthew Farrellee wrote:
Will you explain the difference to me? I thought delegation means that arestricted certificate is created for the user (restricted in itsexpiration time), but that delegated certificate still has private bits. The delegated certificate (proxy cert?) is actually transferred via theX509_USER_PROXY attribute in job ads. matt Alain Roy wrote:No, it's delegated, not transferred. -alain At 09:57 AM 8/22/2007 -0500, Matthew Farrellee wrote:Unless I'm mistaken in situations like Condor-C/Condor-G a user's certificate, or proxy certificate, will actually be transferred (itcontains private bits) between machines. I honestly hope I'm mistaken.matt Ian Alderman wrote:I'm not sure what you mean by passing certificates around: do you meanhttps://www.redhat.com/archives/fedora-devel-list/2007-August/ msg01594.htmlpassing keys around? I don't think Condor does that any more.I think Condor only uses certificates if the SSL or GSI authenticationmethods are employed. -Ian On Wed, Aug 22, 2007 at 08:22:26AM -0500, Matthew Farrellee wrote:I can think of a few reasons why Condor might not be able to get FIPS140-2 certification, such as passing certificates around between machines. Can anyone think of others or clarify how extensively certificates are needed directly by Condor?
+--------------------------------+-----------------------------------+ | Jaime Frey | I used to be a heavy gambler. | | jfrey@xxxxxxxxxxx | But now I just make mental bets. | | http://www.cs.wisc.edu/~jfrey/ | That's how I lost my mind. | +--------------------------------+-----------------------------------+