Hi, On Fri, 2012-10-05 at 16:20 -0700, Alex Chekholko wrote: > On 10/05/2012 04:09 AM, Dave Love wrote: > > Alex Chekholko <[email protected]> writes: > >> Hi Christoph, > >> We do have it working with AUKS, which is mostly outside GE. > > Is that better than DESY's arcx system, or are they roughly equivalent? > > I can't remember why arcx seemed a better bet on a quick look. > > Is the AUKS integration trivial? If not, perhaps you could share it. > While I could share our exact config, and it does work, I would not wish > it upon anyone. > > The answer to "how do we get AFS access inside the grid engine jobs" > should be "get rid of AFS and use a normal shared filesystem", not > "write a dozen small glue scripts" to integrate GE with AUKS.
I guess you mean filesystems without authentication when saying "use a normal shared filesystem". But is simple uid-based "authentication" really everything you will ever need? How about e.g. web services accessed from the job script? Will they need to run unauthenticated? Should they contain e.g. a username/password somewhere? > I've not heard of arcx, so can't comment on that. arcx is a home-grown solution at DESY to run programs in a privileged environment - like sudo, but programs are run on a remote system. Authentication is done e.g. via Kerberos (or better: SASL). Whereas arcx works in our case, it is not really "kerberos style". AUKS is the better alternative from this point of view (users really store their credentials, in case of security flaws only stored credentials need to be revoked, ...) Cheers, Andreas -- | Andreas Haupt | E-Mail: [email protected] | DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt | Platanenallee 6 | Phone: +49/33762/7-7359 | D-15738 Zeuthen | Fax: +49/33762/7-7216 _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
