Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |
| condor:installation:network [2011/07/28 19:13] – changed other occurences of condor UID and GID to 64 garrettheath4 | condor:installation:network [2012/08/09 19:18] (current) – [Configure Authentication] fixed sentence fragment garrettheath4 |
|---|
| |
| =====Configure Authentication===== | =====Configure Authentication===== |
| Our Condor system's global configuration file, access to Condor is restricted to certain machines and usernames. Whenever Condor receives a request, it first checks to see if the requester is allowed to make such a request. Unfortunately, the requesting machine can lie about who it is and therefore "spoof" Condor into thinking the request is coming from a valid source. In order to help prevent this from happening, Condor uses basic authentication to protect it from computers disguised as valid members of its pool. This authentication takes the form of an encrypted password. When Condor starts, it will read the configuration files to figure out where the password is stored. As listed in the global configuration file as the ''SEC_PASSWORD_FILE'' configuration variable, the password is stored as ''/var/lib/condor/pool_password'' with root-only access. In order for machines to be added to the Condor pool, this file __must be manually copied__ from an existing member of the pool to the new member. Once copied, this file must be owned by ''root'' and have read and write access to the owner but all other permissions disabled (mode ''0600''). | As specified in our Condor system's global configuration file, access to Condor is restricted to certain machines and usernames. Whenever Condor receives a request, it first checks to see if the requester is allowed to make such a request. Unfortunately, the requesting machine can lie about who it is and therefore "spoof" Condor into thinking the request is coming from a valid source. In order to help prevent this from happening, Condor uses basic authentication to protect it from computers disguised as valid members of its pool. This authentication takes the form of an encrypted password. When Condor starts, it will read the configuration files to figure out where the password is stored. As listed in the global configuration file as the ''SEC_PASSWORD_FILE'' configuration variable, the password is stored as ''/var/lib/condor/pool_password'' with root-only access. In order for machines to be added to the Condor pool, this file __must be manually copied__ from an existing member of the pool to the new member. Once copied, this file must be owned by ''root'' and have read and write access to the owner but all other permissions disabled (mode ''0600''). |
| |
| =====Configure Firewall===== | =====Configure Firewall===== |
