Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] Authentication methods in Condor
- Date: Wed, 16 Jun 2004 14:13:20 +0100 (BST)
- From: Bruce Beckles <mbb10@xxxxxxxxx>
- Subject: [Condor-users] Authentication methods in Condor
I would like to know whether there are any cross-platform
(strong) authentication methods provided by Condor - from talking to
some of the Condor Team at this year's Condor Week I believe this is the
case (or was then), but I wonder whether this is still the case and
whether we can expect it to change in the (near) future.
As I understand it the available authentication methods are:
- GSI authentication (Linux only)
- Kerberos authentication (Linux only)
- Windows NTSSPI authentication (Windows only)
- File System authentication (Linux, but what about Windows?)
- Remote File System authentication (Linux, but what about Windows? Does
this still exist?; doesn't seem to be
mentioned in the manual any more)
- Claim To Be authentication (i.e. no authentication; all platforms?)
- Anonymous authentication (i.e. skip authentication checks; all platforms?)
I understood (perhaps incorrectly) that it would not be too hard to
enable Kerberos authentication under Windows for Condor, whilst GSI
authentication under Windows requires the Globus Alliance to produce a
stable Windows implementation of GSI (currently a low priority for them?).
So what I would like to know is:
- Would someone from the Condor Team 'clarify' the question marks in my
list above?
- Please, please could the Condor documentation clearly state for which
platforms each authentication method is supported? At the moment the
only authentication method which it indicates is platform specific is
"Windows Authentication" (NTSSPI) - Section 3.7.4.4.
- When can we expect Kerberos authentication to be supported by Condor for
Windows platforms?
- When using Kerberos authentication (under Linux) can the Condor daemons
authenticate off a Windows 2000 or Windows 2003 Server domain controller
(which are 'really' Kerberos domain controllers in disguise)?
Thanks,
Bruce
--
Bruce Beckles,
e-Science Specialist,
University of Cambridge Computing Service.