[condor-users] Migrating to Proper Authentication

[Alexander Klyubin <A.Kljubin@xxxxxxxxxxx>]

Hello!

I'm running a Condor cluster on Windows and Linux machines. So far I'm 
using host-based authentication. I'd like to migrate to proper 
authentication, for example, GSS.

The problem is that Condor documentation doesn't exactly tell much about 
the concepts and problems related with GSS or Kerberos authentication. 
Hopefully, somebody is already using these and can shed some more light 
on the issues. I have a couple of questions.

Question 1. Machine certificates.
I assume I have to install my central manager's certificate is installed 
on all other machines in the pool. I also assume that certificates of 
each of the machines in the pool should be made available to the central 
manager as well.

Now, if A and B are two machines in the pool, is it required that A has 
B's certificate and B has A's one or does all of the authentication go 
via the central manager?


Question 2. User certificates.
Does each machine have to have a list of user certificates which are 
allowed to access it?


Question 3. User Proxies.
Condor manual mentions that one has to generate some sort of a user 
proxy in order to submit jobs when using GSS authentication. The manual 
also mentions that the proxies are placed into a temporary directory and 
can also expire after some time.

What happens if the submission machine gets rebooted?

What happens if the job does not complete on time and the proxy expires?



Kind Regards,
Alexander Klyubin

Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>