Re: [HTCondor-users] dirty AFS hook stuff?

[Brian Bockelman <bbockelm@xxxxxxxxxxx>]

On Nov 11, 2013, at 11:05 AM, Rich Pieri <ratinox@xxxxxxx> wrote:

> Brian Bockelman wrote:
>> This means that an implementation is mostly a matter of finding
>> someone who understands AFS and HTCondor well enough to copy/paste
>> the relevant code.
> 
> Doing it right is not that simple at all. It's not a matter of copying
> code. It's a matter of forwarding Kerberos tickets to every node in a
> Condor pool, nodes that may not be secure.
> 
> I'm running a desktop pool. Most of the nodes in my pool are on or under
> users' desks. These nodes have little or no physical access controls. It
> would be trivial for a malicious user to install a compromised version
> of the Condor daemons that send copies of forwarded Kerberos tickets to
> that malicious user. At this point said malicious user can masquerade as
> anyone who's jobs run on those compromised nodes.
> 

While these are important questions, this is nothing new.  These issue are completely analogous to the GSI case (including limitations).  It's also not secure send X509 proxies to untrusted nodes.

If you send security tokens along with your HTCondor job, the workers in your HTCondor pool can act as your user within that security domain.  This is true regardless of AFS / KRB5 / GSI / sending shared passwords.

Brian