Alexey, Please forgive the delay in response. I'm heavily involved with a PS engagement/deployment for the next couple of weeks (this one included) and free time is sparse. This is important though so I will be working on it so again please forgive any delays in response.
We use the daemon for AD user/group resolution, access control, and authentication for cluster users at the edge (AD joined job submission nodes, data transfer nodes, etc.) and internally (compute nodes using LDAP). Users are permitted to authenticate to compute nodes if they have active jobs on. The SLURM "pam_slurm_adopt.so" module controls that access, where AD groups do so on the cluster edge systems. Those same AD groups will be used for SLURM based quality of service settings as well in an internal database. The enterprise provides the AD environment and we have no appetite to implement a shadow AD or LDAP service for the research compute side of things. As mentioned, I've deployed hundreds of these configurations and this stateless configurations are the only one to behave this way. Very curious but as ephemeral systems are expectantly redeployed as a matter of operations, this nuance could certainly get annoying :-) . -- lawrence On Tue, Feb 18, 2025 at 3:14 AM Alexey Tikhonov <atikh...@redhat.com> wrote: > > What is different is these OS instances are Rocky 9.5 Linux containers > deployed as stateless systems. > > Also out of curiosity: how do you use SSSD in those containers? > What is the use case? > >
-- _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
