On 10/10/2012 10:05 AM, Dave Love wrote:
Christoph Müller <[email protected]> writes:
Furthermore, from a security point of view, S4U2Proxy would be the
better solution - at least, I read that from your slides. This would,
however, require that I grab the users's ticket when he submits the
job, correct? So far, I do not see any possibility to hook into
qsub. Is there any possibility in SGE to do this - except of the
obvious solution of providing a custom wrapper script around qsub?
That's what the "GSSAPI" mechanism does. If I recall correctly,
invoking the hook in qsub does currently work.
Not sure what you mean by GSSAPI here, guess I need to look at the
slides. But to reiterate, in afs mode the get_token_cmd script is run
and emits the token in some form to stdout. The qmaster then stores
this (in memory it seems, they get lost on qmaster restart). The
set_token_cmd script then receives the token from stdin on job
execution. It is also in token.afs in the job spool directory, owned by
(and only readable by) sgeadmin.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane [email protected]
Boulder, CO 80301 http://www.cora.nwra.com
_______________________________________________
users mailing list
[email protected]
https://gridengine.org/mailman/listinfo/users
