Later versions of Condor should remove all of these limitations.
 
-*: Authentication is not supported. _This is extremely insecure_.
+
 *: Microsoft Windows is not supported.
 *: Mixed IPv4/IPv6 pools are not supported.
 *: You must use NO_DNS=TRUE, with all of those ramifications.
+*: Security policies cannot use IP addresses, only hostnames.
 *: You must set NETWORK_INTERFACE to a specific IPv6 address.
 
 {section: Notes}
 
-*:In places where Condor is expecting an IP address and a port (e.g. "192.168.0.1:9618"), IPv6 addresses must be wrapped in [square brackets] (e.g. "[fe80::862b:2bff:fe98:65f2]:9618").
+*:In places where Condor is expecting an IP address and a port (e.g. "192.168.0.1:9618"), IPv6 addresses are wrapped in [square brackets] (e.g. "[fe80::862b:2bff:fe98:65f2]:9618").
+*:When using NO_DNS, IPv6 addresses are turned into hostnames by taking the IPv6 address, changing colons to dashes, and appending DEFAULT_DOMAIN_NAME.  So 2607:f388:1086:0:21b:24ff:fedf:b520 becomes 2607-f388-1086-0-21b-24ff-fedf-b520.example.com (assuming DEFAULT_DOMAIN_NAME=example.com)
 
 {section: Enabling IPv6}
 
 {code}
 NO_DNS = TRUE
-# NO_DNS requires a default domain name.  NO_DNS
-# creates artificial hostnames similar to
-# 2607-f388-1086-0-21e-68ff-fe0f-6462.example.com
-# where the first portion is the computer's IPv6 address
-# with dashes replacing the colons.  The second part
-# is the DEFAULT_DOMAIN_NAME.
+# NO_DNS requires a default domain name.
 DEFAULT_DOMAIN_NAME = example.com
 
 ENABLE_IPV6 = TRUE
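Review bot: The limitation `-*: Authentication is not supported. _This is extremely insecure_.` is removed from the list without any replacement statement. The new bullet only says that security policies must use hostnames, so the page should say explicitly whether authentication now works over IPv6 or is still unsupported. In the new NO_DNS note, the rule "changing colons to dashes" does not say how a compressed address (one containing `::`) is written. That matters because the ALLOW_* lists in the example configuration match on these generated names, so a sentence covering that case would help. The note is also missing its closing period after the parenthetical.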
@@ -36,21 +33,14 @@
 # This is the NO_DNS style name for the central manager
 COLLECTOR_HOST = 2607-f388-1086-0-21e-68ff-fe0f-6462.example.com
 
-ALLOW_READ=*
-ALLOW_WRITE=*
-ALLOW_ADMINISTRATOR=*
-ALLOW_CONFIG=*
-ALLOW_SOAP=*
-ALLOW_OWNER=*
-ALLOW_NEGOTIATOR=*
-ALLOW_DAEMON=*
+# This is example security configuration for a pool of three hosts.
+ALL_NODES_IN_POOL= 2607-f388-1086-0-21b-24ff-fedf-b520.example.com,2607-f388-1086-0-21e-68ff-fe0f-6462.example.com,2607-f388-1086-0-21e-68ff-fe1e-f9e.example.com
+ALLOW_WRITE = $(ALL_NODES_IN_POOL)
+ALLOW_READ = $(ALL_NODES_IN_POOL)
+ALLOW_ADMINISTRATOR = $(COLLECTOR_HOST)
+ALLOW_CONFIG =
+ALLOW_SOAP =
+ALLOW_OWNER = $(COLLECTOR_HOST),$(HOSTNAME)
+ALLOW_NEGOTIATOR= $(COLLECTOR_HOST)
+ALLOW_DAEMON= $(ALL_NODES_IN_POOL)
 {endcode}
-
-NETWORK_INTERFACE is required; used for detection of scope ids.
-
-
-
-{section: To Do}
-
-*: Is the changing meaning of $(HOSTNAME) with NO_DNS even present in IPv4?  File as a bug.
-*: Investigate authentication not working
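Review bot: `ALLOW_CONFIG =` and `ALLOW_SOAP =` are left with empty values, and nothing on the page says whether an empty list denies everyone or falls back to a default. Add a comment above them stating the intended effect so that readers copying the example know what access they are granting. `ALLOW_OWNER = $(COLLECTOR_HOST),$(HOSTNAME)` depends on `$(HOSTNAME)` expanding to the NO_DNS-style name, yet this hunk deletes the To Do item that questioned how `$(HOSTNAME)` behaves under NO_DNS. If that question is resolved, state on the page what the macro expands to. Minor: spacing around `=` is inconsistent (`ALL_NODES_IN_POOL= `, `ALLOW_NEGOTIATOR= `, `ALLOW_DAEMON= `), and the new comment should read "an example security configuration".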