Connie Sieh wrote:
On Thu, 19 Jul 2007, Brett Viren wrote:
Hi Michael,
Michael Hannon <[EMAIL PROTECTED]> writes:
I'd like to know how others are dealing with this. Is anybody using
Ubuntu clients with SL servers for instance? Any other words of
wisdom on this topic?
In our group we run Debian on our cluster, workstations and some
laptops. We are collaborators on two experiments that have picked
some flavor (MINOS with SLF and Daya Bay with SLC) of SL as the
dominant platform. For the most part there are no problems in terms
of client/server communication.
The two real issues I have experienced are:
1) Fermi Kerberos (not really an SL issue, per se). Debian's
openssh-client package does't have kerberos support and if you use the
kerberized ones and place your workstation inside FNAL.GOV realm you
will suffer long timeouts when connecting to systems not known to the
realm servers. For this reason I run the standard openssh client and
keep an "ssh-krb" client for when logging in to FNAL.
Since Ubuntu is based on Debian I assume the openssh in Ubuntu is not
kerberized?
-connie sieh
Ubuntu has a ssh-krb5 package that will replace the openssh packages, as
Brett said. This plays fine with FNAL kerberos, for the time being.
But this is ostensibly going to change as we all go through the fits and
starts of getting stuff migrated from using the "gssapi" authentication
to the "gssapi-with-mic" authentication. I successfully run an Ubuntu
installation and just use the ssh-krb5 binaries for all uses, but it's
not inside the FNAL.GOV realm, I just use kinit when I have a need to
ssh to a machine in the realm.
-Brian
