Mailing List Archives
Authenticated access
|
|
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [condor-users] Some questions concerning security in Condor
- Date: Mon, 23 Feb 2004 23:40:50 +0200
- From: Mark Silberstein <marks@xxxxxxxxxxxxxxxxxxxxxxx>
- Subject: Re: [condor-users] Some questions concerning security in Condor
Are you planning to use Condor only for *NUX based systems? GSI for
Windows is still not available, is it?
As for TCP wrappers - I guess no, since the daemons are not built to
work with inetd/xinetd, which is the only way ( from my understanding )
to work with TCP wrappers.
I'm curious to here the answers from GURUs.
Mark
On Mon, 2004-02-23 at 19:55, Mark Calleja wrote:
> Hi Chaps,
>
> In order to win over our computing services guys and get them to
> consider putting Condor on campus-wide facilities, I'd be grateful if
> anyone can answer some of the questions that have been raised, and
> detailed below. I'd like say that by fielding these questions we are in
> no way implying any sort of slur on any aspects of Condor, but I have
> been warned that some people/organizations can feel slighted at having
> the security of their products questioned. We mean no such offence.
>
> 1) Does Condor support TCP_wrappers?
>
> 2) Has anyone done a security assesment/audit of Condor? If so, can we
> see the results?
>
> 3) Section 3.7.4.1, "GSI Authentication" in the Condor v6.6 manual
> implies that the distinguished name of certificates for the Condor
> daemons should be of the form:
>
> /C=?/O=?/O=?/OU=?/CN=<daemon_name@domain>
>
> which is not of the same form as the distinguised name of certificates
> issued by the UK e-Science CA. So, is it the case that the distinguised
> name of certificates for the Condor daemons has to be of the form given
> above, or is this just an example? For comparison, the UK e-Science CA
> issues user certificates with distinguished names of the form:
>
> /C=UK/O=eScience/OU=?/L=?/CN=<name of user>
>
> host/server certificates with distinguished names of the form:
>
> /C=UK/O=eScience/OU=?/L=?/CN=<hostname>/Email=<some_name@domain>
>
> and service certificates with distinguished names of the form:
>
>
> /C=UK/O=eScience/OU=?/L=?/CN=<service>/<hostname>/Email=<some_name@domain>
>
> Thanks for any help,
>
> Mark
Condor Support Information:
http://www.cs.wisc.edu/condor/condor-support/
To Unsubscribe, send mail to majordomo@xxxxxxxxxxx with
unsubscribe condor-users <your_email_address>