Hi, On Sun, 2011-02-20 at 13:17 +0000, Dave Love wrote: > Chris Jewell <[email protected]> writes: > > > Hi All, > > > > I was wondering if anybody had any info on using Grid Engine with > > Kerberos authentication?
Well, GE actually does not support Kerberos authentication. It provides methods to fetch a ticket on job submission (get_token_cmd when running with AFS support) as well as providing tickets during job execution (set_token_cmd). Nevertheless, there is no authentication process during job submission. > In the absence of anyone speaking who has been doing it: There's was > stuff about it on the old list, searchable via gridengine.markmail.org, > including reference to Friebel's SGE workshop talk about the setup at > DESY. unfortunately the proceedings have been taken down, and I've > failed to archive them, although I have a copy of that one. The > software it refers to is at ftp://ftp.ifh.de/pub/unix/gnu/perl/modules/ > but I haven't used it. This stuff can be used to forge K5 tickets and AFS tokens. > There's also a system reported at > http://workshop.openafs.org/afsbpw10/talks/wed_3/hautreux_kerberos_hpc.pdf > which has integration for SLURM, but I don't know how difficult it would > be to integrate it with GE. This stuff can be used to provide jobs with K5 credentials, also. Slurm still does not provide K5 authentication, either. > Of course, the Kerberos security model is basically incompatible with > arbitrary length unattended batch jobs, experimental sessions, etc., and > you need to have control of your authentication and resource > infrastructure to make this sort of thing work. That doesn't mean > there's anything wrong with the model, but a capability system is > probably more appropriate for such applications. ACK. Cheers, Andreas -- | Andreas Haupt | E-Mail: [email protected] | DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6 | Phone: +49/33762/7-7359 | D-15738 Zeuthen | Fax: +49/33762/7-7216 _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
