Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Kerberos authentication.

Date: Fri, 16 Jan 2015 18:26:21 -0500
From: Richard Pieri <ratinox@xxxxxxx>
Subject: Re: [HTCondor-users] Kerberos authentication.

Active Directory is 100% compatible with vanilla Kerberos at least as
far as it goes (Microsoft tried to pull an embrace and extend on
Kerberos, got sued by MIT for it, backed down). The big annoyance is
that AD's name space is flat. Which is to say that you can't specify a
realm as part of the principal so you have to tailor the local krb5.conf
to use the domain controller as the default realm.

You do need to add users to the domain, analogous to creating principals
for users in a Kerberos realm.

Once you have authentication working you should peruse the Condor docs
and check the list archives for discussions about how to use Kerberos
authentication with job submissions.

-- 
Rich Pieri <ratinox@xxxxxxx>
MIT Laboratory for Nuclear Science

References:
- [HTCondor-users] Kerberos authentication.
  - From: Michael Murphy

Prev by Date: [HTCondor-users] Kerberos authentication.
Next by Date: [HTCondor-users] Parallel Universe Job Start
Previous by thread: [HTCondor-users] Kerberos authentication.
Next by thread: [HTCondor-users] Parallel Universe Job Start
Index(es):
- Date
- Thread

Mailing List Archives

Authenticated access

Re: [HTCondor-users] Kerberos authentication.