On Sun, Feb 20, 2011 at 08:35:29AM -0500, Chris Jewell wrote:

On 20 Feb 2011, at 13:17, Dave Love wrote:
There's also a system reported at
http://workshop.openafs.org/afsbpw10/talks/wed_3/hautreux_kerberos_hpc.pdf
which has integration for SLURM, but I don't know how difficult it would
be to integrate it with GE.

Thanks for the info.

Of course, the Kerberos security model is basically incompatible with
arbitrary length unattended batch jobs, experimental sessions, etc., and
you need to have control of your authentication and resource
infrastructure to make this sort of thing work.  That doesn't mean
there's anything wrong with the model, but a capability system is
probably more appropriate for such applications.

Interesting. So what *is* the best security model for use with GE? Are we stuck with plain old NIS? Great for private clusters, but what about campus-wide grids?

Well, if you enforce hard wall-clock limits on your queues, and the
limit is less than the time the krb ticket is valid, you should be okay.
Otherwise, I think you need a way to automatically renew them.  This
thread has two scripts--*untested by me*--but may work.

http://www.linuxquestions.org/questions/linux-software-2/automatic-renewal-of-kerberos-tickets-792305/

Just a thought...

--
Jesse Becker
NHGRI Linux support (Digicon Contractor)
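
The comparison described in the reply above, as an added example that is not part of the original thread: it checks a Grid Engine queue's hard run-time limit (`h_rt`) against the ticket lifetime parsed from `klist` output. The `klist` text, its timestamp format, the submission time and all function names are constructed assumptions; the renew-until branch goes slightly beyond the message by also covering renewable tickets.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `klist` output; the date format differs between versions.
SAMPLE_KLIST = """\
Default principal: user@EXAMPLE.ORG

Valid starting       Expires              Service principal
02/20/2011 08:00:00  02/20/2011 18:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
\trenew until 02/27/2011 08:00:00
"""
SAMPLE_NOW = datetime(2011, 2, 20, 9, 0, 0)  # constructed submission time
FMT = "%m/%d/%Y %H:%M:%S"
STAMP = r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}"

def parse_h_rt(value):
    """Queue h_rt ('INFINITY', seconds, or H:M:S) -> timedelta, None if unlimited."""
    value = value.strip()
    if value.upper() == "INFINITY":
        return None
    parts = [int(p) for p in value.split(":")]
    if len(parts) == 1:
        return timedelta(seconds=parts[0])
    if len(parts) == 3:
        return timedelta(hours=parts[0], minutes=parts[1], seconds=parts[2])
    raise ValueError(f"unrecognised h_rt value: {value!r}")

def parse_tgt(klist_text):
    """Return (expires, renew_until) of the krbtgt entry; renew_until may be None."""
    m = re.search(rf"^{STAMP}\s+({STAMP})\s+krbtgt/\S+(?:\n\s+renew until ({STAMP}))?",
                  klist_text, re.M)
    if not m:
        raise ValueError("no krbtgt entry in klist output")
    expires = datetime.strptime(m.group(1), FMT)
    renew = datetime.strptime(m.group(2), FMT) if m.group(2) else None
    return expires, renew

def verdict(h_rt, klist_text, now):
    """Classify a queue's hard wall-clock limit against the submitter's ticket."""
    limit = parse_h_rt(h_rt)
    if limit is None:
        return "unbounded"            # no limit, so no ticket lifetime covers it
    expires, renew_until = parse_tgt(klist_text)
    end = now + limit                 # latest moment the job can still be running
    if end <= expires:
        return "ok"                   # limit is shorter than remaining validity
    if renew_until and end <= renew_until:
        return "needs-renewal"        # covered only if something renews the ticket
    return "outlives-ticket"          # not even renewal keeps credentials valid
```

A queue that reports `unbounded` or `outlives-ticket` cannot be covered by ticket renewal alone.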