[gridengine users] ignore hostname checking for submit hosts?

Dave Love d.love at liverpool.ac.uk
Fri Jun 17 13:10:50 UTC 2011


Vadim Gutnik <gutnik at gmail.com> writes:

>> Anyway, if you just want the hack that turns off submit host checking,
>> I can send the diff to you offline -- I have no problem with sharing
>> it here, but it really is a security issue
>
> Everybody (else) in the world runs servers that have no root exploits,
> on secure networks
> with secure authenticated filesystems? Wow.  :)

Indeed, and rhosts-style security isn't worth that much.  At the risk of
being savaged again for referring to it:  for anyone who might not
realize,  "... The assumption is made that the Grid Engine cluster is
not exposed to any malicious attacks."
<http://arc.liv.ac.uk/repos/darcs/sge/source/security/security.html>.

[I'm puzzled by the current alert about torque that suggests it doesn't
even default to host-based checking (confirmed by the doc), and people
are running  open to the world without it truned on.  I'm often puzzled
by gridpp, though.  Does anyone know how  torque control of submision
works generally?]

The GE security stuff needs sorting out, I think.  The hostname
check should be optional, perhaps as a "security method" in the same way as e.g. csp, and the methods shouldn't be mutually exclusive (like afs
_or_ gss).

-- 
Excuse the typping -- I have a broken wrist



More information about the users mailing list