On Fri, 18 May 2012 at 4:39pm, Reuti wrote
Finally, blocking users without certificates from accessing Grid
Engine is really important as well. A site asked about the CSP mode
not because of the authentication of UID it provides, but only to use
it to block all users without a valid certificate from using Grid
Engine.
To use or access SGE? To avoid job submissions one could create an ACL
and use it in the SGE configuration to avoid job submissions by not
entitled users in (x)user_lists, nevertheless they can issue `qstat` or
alike.
But that doesn't work if the user has root on their desktop (through means
legitimate or otherwise) and can impersonate any other user. Again,
that's what CSP does for me. The group that wants user desktops to be
submit hosts get only the certificates for their users. Any exploit on
their end doesn't endanger users outside that group.
--
Joshua Baker-LePain
QB3 Shared Cluster Sysadmin
UCSF
_______________________________________________
users mailing list
users@gridengine.org
https://gridengine.org/mailman/listinfo/users
