Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 662598

Summary: [RFE] authenticate user ability to work with jobs in condor via qmf
Product: Red Hat Enterprise MRG Reporter: Martin Kudlej <mkudlej>
Component: condor-qmfAssignee: Pete MacKinnon <pmackinn>
Status: CLOSED DUPLICATE QA Contact: MRG Quality Engineering <mrgqe-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.3CC: iboverma, jneedle, matt
Target Milestone: 2.1Keywords: FutureFeature, Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-11-23 20:56:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 649919    
Bug Blocks:    

Description Martin Kudlej 2010-12-13 10:33:43 UTC 
Description of problem:
Now only authenticated user "cumin" can work with Condor QMF jobs, see bug 644041. I think all authenticated users in broker should work(Submit/Hold/Remove/Release) with Condor QMF jobs without QUEUE_ALL_USERS_TRUSTED=True in Condor configuration.

Version-Release number of selected component (if applicable):
MRG 1.3.0.1

How reproducible:
100%

 
Actual results:
Only authenticated user "cumin" can work with Condor QMF jobs.

Expected results:
All authenticated broker users can work with Condor QMF jobs.
Comment 2 Pete MacKinnon 2011-02-02 00:04:16 UTC 
We need proper QMF agent-side ACL for this to be properly implemented in the 2.0 timeframe.

Ted, any thoughts or update on this?
Comment 4 Matthew Farrellee 2011-11-22 02:02:25 UTC 
QUEUE_ALL_USERS_TRUSTED=TRUE is not necessary, see bug 644041. Authentication is performed by the broker and authorization by the Scheduler object. Current (7.6.5-0.7) authorization restricts access to the "cumin" user only. If this was intended to be an RFE to allow authorization of users beyond "cumin", please open a BZ describing that. Also, note that implementation of such a feature should occur in the QMF library and currently depends on bug 649919.