Orion Poplawski <[email protected]> writes: >> I can't remember the details of how it works, but if you don't >> authenticate, then another job running on the host can use any >> credentials the one concerned can read, which is likely to give access >> to examine someone else's home directory. Without authenticating job >> submission there doesn't seem to be much point in using a Kerberized >> file system. >> > > The token should be installed only readable by the owner of the job, > so only that user has access to those credentials.
But without authentication, which you can't currently stack on "afs" security, anyone can run a job as that user, potentially on the same node <http://arc.liv.ac.uk/SGE/howto/sge-security.html>. -- Community Grid Engine: http://arc.liv.ac.uk/SGE/ _______________________________________________ users mailing list [email protected] https://gridengine.org/mailman/listinfo/users
