Mailing List ArchivesAuthenticated access |
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}
|
Mailing List ArchivesAuthenticated access |
|
thank you very much for the information. it has been very useful for me. it was only a bad configuration in the kerberos client. Now i can authenticate when using the command "condor_status" but when i try to submit a job it says that it can't authenticate. I don't know why it can be, but i have put ethereal and i have a pre-authenticate error. isn't preauthentication supported??? i send my krb5.cnf and kdc.conf files because i suppose that it might be another configuration error. sorry but this is my first time with kerberos!!! thank very much --- Rajesh Rajamani <raj@xxxxxxxxxx> escribió: > Andoni Olozaga wrote: > > i am trying to set up kerberos authentication on > > condor using linux machines. > > i don't understand the instruction of the manual > very > > well, maybe due to my good english :-) > > my questions are: > > - the macros have to be defined in the > > condor_config.local file haven't they??? > > Yes - you could define them in your > condor_config.local file. > > > - does the kerberos server have to be install on > the > > condor server or can i install in another > dedicated > > machines??? > > You need not install Kerberos authentication server > on a condor server - > you could install it on a different machine. > > > - if i can install it in a dedicated machine where > > would I indicate it??? > > Using the KERBEROS_MAP_FILE and related macros in > the config file. Do > check > http://www.cs.wisc.edu/condor/manual/v6.7/3_7Security_In.html#SECTION00473200000000000000 > > Briefly, here are the steps that we used for > configuring kerberos based > authentication - > > 0. Make sure the clocks of all your machines are in > synch (we use NTP) > > 1. Install KDC, establish realm and the user > principal that you want > your condor daemons to use > (http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3.5/doc/krb5-install.html#Installing%20Kerberos%20V5 > and > http://www.informit.com/guides/content.asp?g=security&seqNum=31&rl=1 > > describe how to do this). You may also want to > create user accounts and > make sure you can obtain tickets for these from any > condor host. > > 2. Define the kerberos map file and other > authentication settings in > your config file and startup your daemons. > > Let me know if this works for you. > -- > Rajesh Rajamani > Senior Member of Technical Staff > Direct : +1.408.321.9000 > Fax : +1.408.904.5992 > Mobile : +1.408.321.9030 > raj@xxxxxxxxxx > > > Optena Corporation > 2860 Zanker Road, Suite 201 > San Jose, CA 95134 > www.optena.com > > > This electronic transmission (and any attached > documents) contains > information from Optena Corporation and is for the > sole use of the > individual or entity it is addressed to. If you > receive this message in > error, please notify me and destroy the attached > message (and all > attached documents) immediately. > > _______________________________________________ > Condor-users mailing list > Condor-users@xxxxxxxxxxx > https://lists.cs.wisc.edu/mailman/listinfo/condor-users > Student of the School of industrial engineering of bilbao ______________________________________________ Renovamos el Correo Yahoo! Nuevos servicios, más seguridad http://correo.yahoo.es
Attachment:
krb5.conf
Description: 3616868485-krb5.conf
Attachment:
kdc.conf
Description: 211316714-kdc.conf