Page History

Turn Off History

Not fully verified yet (and not just the flocking part).

{file central-manager.config} use security : strong

# (This section seems like it should be use security : user_based, # but that has host names all over it.)

ALLOW_ADMINISTRATOR = condor@* ALLOW_OWNER = condor@* ALLOW_READ = * ALLOW_WRITE = condor@* ALLOW_DAEMON = condor@* ALLOW_NEGOTIATOR = condor@*

# Flocking (completely untested). # Should the first entry be $(ALLOW_NEGOTIATOR)? ALLOW_NEGOTIATOR_SCHEDD = condor@* $(FLOCK_NEGOTIATOR_HOSTS) ALLOW_WRITE_COLLECTOR=$(ALLOW_WRITE) $(FLOCK_FROM) ALLOW_WRITE_STARTD=$(ALLOW_WRITE) $(FLOCK_FROM) ALLOW_READ_COLLECTOR=$(ALLOW_READ) $(FLOCK_FROM) ALLOW_READ_STARTD=$(ALLOW_READ) $(FLOCK_FROM)

# Enable IDTOKENS (for daemons) and FS (for users). SEC_DEFAULT_AUTHENTICATION_METHODS = FS, IDTOKENS

CONDOR_HOST = <this machine's external IP address>

# central manager -specific bits use role : CentralManager

# Allow IDTOKENS' promiscuous mode to work. Enable ANONYMOUS for DAEMON (token autorequest requires # authentication, probably to secure the channel) and for READ (for condor_status, because we required # all connections to be authenticated by enabling strong security). COLLECTOR.SEC_DAEMON_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS) ANONYMOUS COLLECTOR.SEC_READ_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS) ANONYMOUS # Authenticate the ANONYMOUS daemon, but do NOT authorize it. Since ALLOW_READ is already , we don't # need to repeat this for READ. COLLECTOR.DENY_DAEMON = CONDOR_ANONYMOUS_USER*/ {endfile}

{file submit.config} use security : strong

ALLOW_ADMINISTRATOR = condor@* ALLOW_OWNER = condor@* ALLOW_READ = * ALLOW_WRITE = condor@* ALLOW_DAEMON = condor@* ALLOW_NEGOTIATOR = condor@*

ALLOW_NEGOTIATOR_SCHEDD = condor@* $(FLOCK_NEGOTIATOR_HOSTS) ALLOW_WRITE_COLLECTOR=$(ALLOW_WRITE) $(FLOCK_FROM) ALLOW_WRITE_STARTD=$(ALLOW_WRITE) $(FLOCK_FROM) ALLOW_READ_COLLECTOR=$(ALLOW_READ) $(FLOCK_FROM) ALLOW_READ_STARTD=$(ALLOW_READ) $(FLOCK_FROM)

SEC_DEFAULT_AUTHENTICATION_METHODS = FS, IDTOKENS

use role : submit

# For admin and to set COLLECTOR_HOST. CONDOR_HOST = 18.235.233.46

# Allow any local user to submit jobs. ALLOW_WRITE = $(ALLOW_WRITE) *@$(HOSTNAME)

# For promiscuous mode (and condor_status and condor_q). SEC_READ_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS) ANONYMOUS SEC_CLIENT_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS) ANONYMOUS {endfile}

{file execute.config} use security : strong

ALLOW_ADMINISTRATOR = condor@* ALLOW_OWNER = condor@* ALLOW_READ = * ALLOW_WRITE = condor@* ALLOW_DAEMON = condor@* ALLOW_NEGOTIATOR = condor@*

ALLOW_NEGOTIATOR_SCHEDD = condor@* $(FLOCK_NEGOTIATOR_HOSTS) ALLOW_WRITE_COLLECTOR=$(ALLOW_WRITE) $(FLOCK_FROM) ALLOW_WRITE_STARTD=$(ALLOW_WRITE) $(FLOCK_FROM) ALLOW_READ_COLLECTOR=$(ALLOW_READ) $(FLOCK_FROM) ALLOW_READ_STARTD=$(ALLOW_READ) $(FLOCK_FROM)

SEC_DEFAULT_AUTHENTICATION_METHODS = FS, IDTOKENS

CONDOR_HOST = 18.235.233.46

use role : execute

# For promiscuous mode (and condor_status and condor_q, not that anyone # should ever run those on the execute node). SEC_READ_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS) ANONYMOUS SEC_CLIENT_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS) ANONYMOUS {endfile}