Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] Windows pool, how to remove security

We run an all-Windows 7x64 HTC pool. I want to remove all the security stuff; what's the best way? I gave it a try via:

All machines' condor_config (only changes shown):

SEC_CONFIG_NEGOTIATION = NONEÂ # these were all REQUIRED
SEC_CONFIG_AUTHENTICATION = NONE
SEC_CONFIG_ENCRYPTION = NONE
SEC_CONFIG_INTEGRITY = NONE

CM's condor_config:

# Set security settings so that full security to the credd is NOT REQUIRED
CREDD.SEC_DEFAULT_AUTHENTICATION =NONE # these were all REQUIRED
CREDD.SEC_DEFAULT_ENCRYPTION = NONE
CREDD.SEC_DEFAULT_INTEGRITY = NONE
CREDD.SEC_DEFAULT_NEGOTIATION = NONE

However I get complaints e.g. CredLog:

07/21/14 21:27:37 PERMISSION DENIED to unauthenticated@unmapped from host 10.159.20.142 for command 81100 (CREDD_NOP), access level DAEMON: reason: DAEMON authorization policy contains no matching ALLOW entry for this request; identifiers used for this host: 10.159.20.142,BDOMO-024.ad.water.ca.gov, hostname size = 1, original ip address = 10.159.20.142
07/21/14 21:28:41 IPVERIFY: checking BDOMO-005 against 10.159.20.114
07/21/14 21:28:41 IPVERIFY: matched 10.159.20.114 to 10.159.20.114
07/21/14 21:28:41 IPVERIFY: ip found is 1
07/21/14 21:28:41 PERMISSION DENIED to unauthenticated@unmapped from host 10.159.20.114 for command 81099 (CREDD_GET_PASSWD), access level DAEMON: reason: DAEMON authorization policy contains no matching ALLOW entry for this request; identifiers used for this host: 10.159.20.114,BDOMO-005, hostname size = 1, original ip address = 10.159.20.114

WHY I WANT TO REMOVE ALL THE SECURITY STUFF
I'm the only one using the pool (~ 100 cores on at most 20 machines in a small LAN). Nothing "sensitive" is being done, and I've had troubles for years with pool passwords etc acting up and not being able to run on machines in the pool. Frankly I don't fully understand the security stuff, and because I don't need it just wish to shut it off once and for all.

Note: I have tried over the years to understand this and get it properly set, but it acts dodgy and I'm not convinced I'm 100% the cause of it. Windows seems to have problems in this regard. So no, I don't want to try more to get all the security "right", I've tried several times on these lists, it doesn't work. Just shut it off, thanks.