On 7/30/06, Mark Hahn <[EMAIL PROTECTED]> wrote:
but if you don't use the sort of trust-delegation stuff, what's the point? I'm pretty happy with ssh, which is secure, and requires no configuration.
To get a certificate I have to give a passport and other details. If anything happens they not only have my details but the certificate can be revoked and it will prevent me from gaining access to the other institutions for which I have access. This seems easier than everyone running around locking down user accounts after a problem.
hmm, I find that users can most often have the same username everywhere, and identity+agent-based ssh means never needing passwords.
That's not true for everyone though and certainly not true for projects than i'm involved in. I totally agree with the previous post. It's a lot easier to manage. Okay, there's a bit more involved than reconfiguring ssh... I would have thought the problems wrt to security are dependent on the cluster architecture. I appreciate this is obvious and sounds simple. I know that on certain clusters i've seen that if someone gained root on a head node, regardless of whether or not they could gain access to other nodes, it would be pretty much game over for the entire cluster. In some respects I kind of agreed about the rsh comment in a previous post, but then it depends on your setup. -- Gerald Davies --------------------------------------------- w: http://www.geralddavies.com _______________________________________________ Beowulf mailing list, [email protected] To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
