Re: [Condor-users] Condor WS BirdBath security questions

[Matthew Farrellee <matt@xxxxxxxxxxx>]

Nathan,

BirdBath supports SSL mutual-authentication as of Condor 6.8. There  
is a tutorial online from Condor Week 2006 that explains how to use  
authentication.

	http://www.cs.wisc.edu/condor/CondorWeek2006/presentations/ 
farrellee_tannenba_APIs.ppt

I don't know the specifics of the GridSAM plugin. I believe it  
converts job descriptions into ClassAds for submission to Condor and  
was written before the SSL authentication support was added to  
BirdBath. Though, if you follow the tutorial you may not need to  
change anything about the GridSAM plugin to use authentication.

Best,


matt

On Aug 21, 2006, at 10:20 AM, Nathan Harmston wrote:

> Hi,
>
> In order to use the Condor WS (BirdBath), it must be configured that
> Condor allows anonymous users to submit jobs. This of course to my
> departments SysAdmin seems very insecure. The problem occurs during  
> the
> creation of a cluster for submission of a job and then when u submit a
> job, you only need a username (which doesnt map to an allowed user of
> the pool?), letsthrashtheharddrive.sh springs to mind.
>
> Is there anyway to work around this and force Condor to authenicate
> users through the webservices interface ?
> Are there any plans to implement better security functionality in
> BirdBath anytime soon?
> I ve seen a paper integrating GridSAM and Condor and was wondering if
> anyone knew about the security model used in this? Is GridSAM  
> submitting
> via the Condor DRM anonymously or can this be setup differently?
>
> Thanks
>
>
> Nathan
>
>
> PS The paper btw is Condor BirdBath - Web Service Interfaces to  
> Condor -
> AHM 2005