right - I don't have a problem with rsh as an internal cluster spawn
method.
though since you almost certainly also have sshd running, it makes sense
to have fewer daemons.
It's okay for a small cluster where you have really good control over
the users.

Now, THAT'S a very dangerous mindset. Even if you can be 100% sure
there are no bad apples among your users, every single HPC related
intrusion I'm aware of the last couple of years has started off by
stealing passwords or keys and masquerading as legitimate users.

this is wandering pretty far afield.  a cluster, to my way of thinking,
is intended to act as a single resource, and as such is a single trust
domain. rsh is perfectly fine because it's not trivially insecure - some other hole has to exist if you're going to use it to escalate privs.
similarly, NFS's lack of real authentication.

if you want to harden a cluster to untrusted external users, it could
be done, but would take quite a bit of effort, unless you restrict how
it behaves. for instance, if users can only run canned apps via a web
interface, you're off to a pretty good start. letting them upload
anything at all (possibly even non-executables) provides a
possibly exploitable mechanism.

it would be interesting to try this - connecting to the cluster gets you a VM or containerized environment where you can't see anyone else,
and where the only access you have to the cluster is through queue
commands. your jobs would then run in a similar VM/container cloned when you submit them. I suppose some people would like this, but it would be inappropriate and unpopular to my user community (as well as probably a lot more work and a lot less efficient.)
_______________________________________________
Beowulf mailing list, [email protected]
To change your subscription (digest mode or unsubscribe) visit 
http://www.beowulf.org/mailman/listinfo/beowulf
