condor:installation:network [2011/07/28 19:02] – changed UID and GID to 64 garrettheath4 | condor:installation:network [2012/08/09 19:18] (current) – [Configure Authentication] fixed sentence fragment garrettheath4 |
---|
<code bash>cat /etc/passwd | grep ^condor:</code> | <code bash>cat /etc/passwd | grep ^condor:</code> |
**If you get a match**, first reset its settings in case the user wasn't created correctly. | **If you get a match**, first reset its settings in case the user wasn't created correctly. |
<code bash>sudo groupmod -g 1610 condor | <code bash>sudo groupmod -g 64 condor |
sudo usermod -c "Owner of Condor Daemons" -d "/var/lib/condor" -m -u 1344 -g condor -s "/sbin/nologin" -L condor</code> | sudo usermod -c "Owner of Condor Daemons" -d "/var/lib/condor" -m -u 64 -g condor -s "/sbin/nologin" -L condor</code> |
:!: If you get a message that says that the directory ''/var/lib/condor'' already exists, run this command next: | :!: If you get a message that says that the directory ''/var/lib/condor'' already exists, run this command next: |
<code bash>sudo chown -R condor:condor /var/lib/condor</code> | <code bash>sudo chown -R condor:condor /var/lib/condor</code> |
| |
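Review bot: In the `groupmod -g 64` / `usermod ... -u 64` lines, a host that already has condor at the old IDs (1344/1610) is left with files outside `/var/lib/condor` still owned by the old numeric IDs: `usermod -u` re-owns only files under the home directory, and `groupmod -g` re-owns nothing. The `chown -R condor:condor /var/lib/condor` that follows covers only the home directory and is presented as conditional on an error message. Suggest adding a step that locates leftovers (for example `sudo find / -xdev \( -uid 1344 -o -gid 1610 \)`) and re-owns them, so that no orphaned files are inherited by whichever account is later assigned 1344 or 1610.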
**If you do not get a match**, you need to manually add the user. To do this, run: | **If you do not get a match**, you need to manually add the user. To do this, run: |
<code bash>sudo groupadd -g 1610 condor | <code bash>sudo groupadd -g 64 condor |
sudo useradd -c "Owner of Condor Daemons" -d "/var/lib/condor" -m -u 1344 -g condor -s "/sbin/nologin" condor | sudo useradd -c "Owner of Condor Daemons" -d "/var/lib/condor" -m -u 64 -g condor -s "/sbin/nologin" condor |
sudo usermod -L condor</code> | sudo usermod -L condor</code> |
| |
| |
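Review bot: The `groupadd -g 64` / `useradd ... -u 64` lines assume that ID 64 is free, but the only check on the page is `grep ^condor:`, which matches by name, not by number. If another account or group already holds 64, both commands stop with a non-unique ID error and the reader has no guidance. Suggest adding `getent passwd 64` and `getent group 64` before this block, plus a sentence on what to do when either returns a match. A short note on why the IDs are pinned to a fixed value would also help the next editor.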
=====Configure Authentication===== | =====Configure Authentication===== |
Our Condor system's global configuration file, access to Condor is restricted to certain machines and usernames. Whenever Condor receives a request, it first checks to see if the requester is allowed to make such a request. Unfortunately, the requesting machine can lie about who it is and therefore "spoof" Condor into thinking the request is coming from a valid source. In order to help prevent this from happening, Condor uses basic authentication to protect it from computers disguised as valid members of its pool. This authentication takes the form of an encrypted password. When Condor starts, it will read the configuration files to figure out where the password is stored. As listed in the global configuration file as the ''SEC_PASSWORD_FILE'' configuration variable, the password is stored as ''/var/lib/condor/pool_password'' with root-only access. In order for machines to be added to the Condor pool, this file __must be manually copied__ from an existing member of the pool to the new member. Once copied, this file must be owned by ''root'' and have read and write access to the owner but all other permissions disabled (mode ''0600''). | As specified in our Condor system's global configuration file, access to Condor is restricted to certain machines and usernames. Whenever Condor receives a request, it first checks to see if the requester is allowed to make such a request. Unfortunately, the requesting machine can lie about who it is and therefore "spoof" Condor into thinking the request is coming from a valid source. In order to help prevent this from happening, Condor uses basic authentication to protect it from computers disguised as valid members of its pool. This authentication takes the form of an encrypted password. When Condor starts, it will read the configuration files to figure out where the password is stored. 
As listed in the global configuration file as the ''SEC_PASSWORD_FILE'' configuration variable, the password is stored as ''/var/lib/condor/pool_password'' with root-only access. In order for machines to be added to the Condor pool, this file __must be manually copied__ from an existing member of the pool to the new member. Once copied, this file must be owned by ''root'' and have read and write access to the owner but all other permissions disabled (mode ''0600''). |
| |
=====Configure Firewall===== | =====Configure Firewall===== |
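Review bot: The reworded Configure Authentication paragraph still requires `/var/lib/condor/pool_password` to be owned by `root` with mode `0600`, yet that path sits inside the directory the earlier step hands to condor with `sudo chown -R condor:condor /var/lib/condor`. Running that recursive chown after the password file has been copied in changes its owner to condor, and because condor owns the parent directory it can rename or replace the file whatever the file's own mode is. Suggest stating that the copy happens after the user setup, giving the explicit `chown root:root` and `chmod 0600` commands to re-apply, and considering a `SEC_PASSWORD_FILE` location in a root-owned directory.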