Andreas Haupt <[email protected]> writes: >> The answer to "how do we get AFS access inside the grid engine jobs" >> should be "get rid of AFS and use a normal shared filesystem", not >> "write a dozen small glue scripts" to integrate GE with AUKS. > > I guess you mean filesystems without authentication when saying "use a > normal shared filesystem". But is simple uid-based "authentication" > really everything you will ever need?
(If you even have consistent uid/gids at both ends.) Apart from it being an implausible way to work cross-site, it's not likely to be acceptable for typical medical/social data, though I suppose SGE shouldn't be in its current state. >> I've not heard of arcx, so can't comment on that. [I wonder why the reference I added some time ago isn't showing up in searches...] > arcx is a home-grown solution at DESY to run programs in a privileged > environment - like sudo, but programs are run on a remote system. > Authentication is done e.g. via Kerberos (or better: SASL). > > Whereas arcx works in our case, it is not really "kerberos style". AUKS > is the better alternative from this point of view (users really store > their credentials, in case of security flaws only stored credentials > need to be revoked, ...) Thanks for the authoritative statement. The workshop paper talking about arcx is more generally useful anyway. -- Community Grid Engine: http://arc.liv.ac.uk/SGE/ _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
