[Condor-users] clarification on Windows credentials for condor use?

[Matthijs van der Meer <M.vanderMeer@xxxxxxxx>]

Dear condor-users,

I have a condor setup consisting of two Windows XP machines, one 
master/submit/execute ("A"), and one execute-only machine ("B"). I have 
not set up any authentication in either condor configuration apart from 
allowing read and write access to machines A and B only, based on their 
IP addresses. Jobs submitted on machine A successfully execute on 
machine B. However, I am worried about Windows passwords being sent 
unencrypted over the network.

Can someone confirm that no Windows passwords get sent? I could not find 
any explicit mention of this in the documentation.

In that case, by what mechanism can user X submit a job on machine A, 
which then gets executed on machine B, without any passwords being sent*?

Thanks!

- Matthijs


(*My understanding of how it might work, based on reading mailing list 
archives, is something like the following: the job on B actually gets 
run as some sort of special user which has few privileges. However, when 
files need to be written ( e.g. the job executable, or input file) on B, 
user credentials are needed. These are not actually transferred over the 
network, but are stored on B (and need to be added there using 
condor_store_cred). Those credentials must match an existing account 
(with the correct privileges) on B in order to work, and they must match 
the submitting user's credentials on A (not sure about this part).)