[gridengine users] current status of Kerberos support (and maybe AFS)?

Dave Love d.love at liverpool.ac.uk
Thu Nov 17 12:13:56 UTC 2011

In case this is still relevant:

Alex Chekholko <chekh at stanford.edu> writes:

> Hey all,
> I'm a somewhat experienced GE admin trying to get Grid Engine up and
> running on some systems that have Kerberos and AFS but not SSH pubkey
> auth or SSH password auth.

How is ssh relevant -- for parallel jobs with credential forwarding, or
for initial access?

> Regular users have an AFS global homedir.
> Where can I look for the status of Kerberos and/or AFS support in
> current versions of GE?

I've been told off for commenting before but, I'd still look first at

Ignore the now broken and incomplete Kerberos security mechanism,
although OGS said they'll fix it as far as I remember.  Its author
recommended the GSS one instead.  I got that building, but it's
completely insecure, as noted in the reference above, and I think the
AFS one has the same problem.  I can't remember how current the
information in
http://arc.liv.ac.uk/repos/darcs/sge/source/security/security.html but I
have some uncommitted updates.

> I'm using the Debian Squeeze packages, but I can switch to a custom
> install from any current fork.
> This link seems most promising, but more complicated than I like:
> http://markmail.org/message/3vakrcunuyyw5euf

I can't read that now -- markmail seems to be broken.

More information about the users mailing list