Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] kerberos and condor

Andoni Olozaga wrote: 
i am trying to set up kerberos authentication on
condor using linux machines.
i don't understand the instruction of the manual very
well, maybe due to my good english :-)
my questions are:
- the macros have to be defined in the
condor_config.local file haven't they???


Yes - you could define them in your condor_config.local file.

- does the kerberos server have to be install on the
condor server or can i install in another dedicated
machines???

You need not install Kerberos authentication server on a condor server - you could install it on a different machine.

- if i can install it in a dedicated machine where
would  I indicate it???

Using the KERBEROS_MAP_FILE and related macros in the config file. Do check http://www.cs.wisc.edu/condor/manual/v6.7/3_7Security_In.html#SECTION00473200000000000000

Briefly, here are the steps that we used for configuring kerberos based authentication -

0. Make sure the clocks of all your machines are in synch (we use NTP)

1. Install KDC, establish realm and the user principal that you want your condor daemons to use (http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.5/doc/krb5-install.html#Installing%20Kerberos%20V5
and http://www.informit.com/guides/content.asp?g=security&seqNum=31&rl=1 describe how to do this). You may also want to create user accounts and make sure you can obtain tickets for these from any condor host.

2. Define the kerberos map file and other authentication settings in your config file and startup your daemons.

Let me know if this works for you.
--
Rajesh Rajamani
Senior Member of Technical Staff
Direct : +1.408.321.9000
Fax    : +1.408.904.5992
Mobile : +1.408.321.9030
raj@xxxxxxxxxx


Optena Corporation
2860 Zanker Road, Suite 201
San Jose, CA 95134
www.optena.com


This electronic transmission (and any attached documents) contains information from Optena Corporation and is for the sole use of the individual or entity it is addressed to. If you receive this message in error, please notify me and destroy the attached message (and all attached documents) immediately.