> Just a couple-
> Probably shouldn't ignore the shadow file for the event that a root login
> is needed (it keeps root's local pw too, right?). Besides, it only sync's
> if it's actually changed.
Yep. I always forgot that some nodes have local consoles and that you
can reach them without SSH ;-)
> You mentioned that the nodes don't have access to the outside world in
> OSCAR. I don't remember how many versions ago it changed, but this isn't
> the case anymore- by default, private subnetted nodes can see the world,
> but the world can't see them of course. I don't know how LDAP works or
> doesn't work in this scenario, where the nodes aren't available for reverse
> lookup. Are you using an OSCAR version (or pfilter config) which provides
> NAT/firewalling? It may simplify much of this. I wonder about NIS in this
> configuration too. Anyone have any experience or know if there are issues
> with NAT and NIS or LDAP?
In our case, we disallow extrenal traffic from the subnet.
If you allow communication, LDAP is working fine (tested).
Disadvantages:
- jobs will not start if your authentification server is down.
(tested to) as the user don't exist on the computer
[ - you generate additional network traffic for this on the master node]
With the proposed integration in the OPIUM mechanism, you have a certain
freedom : depending on the opium choosen CRON frequence, you can live a
certain time without authentification problem. Network trafic is much
smaller because only one computer (the master node) have to contact the
external authentification service.
Ben
--
Benoit des Ligneris Etudiant au Doctorat -- Ph. D. Student
Web : http://benoit.des.ligneris.net/
Mydynaweb Developpe(u)r: http://mydynaweb.net/
Centre de Calcul Scientifique http://ccs.USherbrooke.ca/
OSCAR Symposium-May 11-14 http://oscar2003.ccs.USherbrooke.ca/
-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb:
Dedicated Hosting for just $79/mo with 500 GB of bandwidth!
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Oscar-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/oscar-devel