At the risk of initiating a flamefest, we're seeing an interesting
number of scientific users who can find their way around a workstation
or cluster just fine, thank you very much, but who appear to check their
intelligence at the door of the lab when they want a grid-enabled
application to run. I've been told it's too hard, not intuitive enough,
doesn't look like my Windows (or Mac!) desktop, etc.
And, further, wandering into security, folks who I've known and
respected for years appear to abandon all control over their security to
a Pix now for grid-enabled clusters. Go figure.
Globus, viewed as a framework of applications, is making some good moves
to alleviate some of the problems I've been hearing about. That's a
good thing. I've also learned recently of work by the Global Grid Forum
on security with particular interest in grid-capable (whatever that
really means) firewalls. I'm gonna follow that activity with some
degree of interest.
gerry
Mark Hahn wrote:
This is all still possible. Globus doesn't require you to surrender
any control to anyone else.
but if you don't use the sort of trust-delegation stuff, what's the point?
I'm pretty happy with ssh, which is secure, and requires no configuration.
Yes, but the remote users really don't want to learn Yet Another
Account Name
and password. Globus lets them use their Globus name, and you as the
resource
owner to create whatever accounts you want. Globus does the translating
between the two, so everyone is happy.
hmm, I find that users can most often have the same username everywhere,
and identity+agent-based ssh means never needing passwords.
but I don't think the choice of auth method really matters to this
discussion: a user authenticates to a login node and submits jobs;
the user is trusting that the job system will create the same environment
when the job is run. if either the login or execution nodes are
compromised, the user is pretty much vulnerable...
_______________________________________________
Beowulf mailing list, [email protected]
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
--
Gerry Creager -- [EMAIL PROTECTED]
Texas Mesonet -- AATLT, Texas A&M University
Cell: 979.229.5301 Office: 979.458.4020 FAX: 979.862.3983
Office: 1700 Research Parkway Ste 160, TAMU, College Station, TX 77843
_______________________________________________
Beowulf mailing list, [email protected]
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
