[gridengine users] current status of Kerberos support (and maybe AFS)?

Dave Love d.love at liverpool.ac.uk
Thu Nov 17 12:13:56 UTC 2011


In case this is still relevant:

Alex Chekholko <chekh at stanford.edu> writes:

> Hey all,
>
> I'm a somewhat experienced GE admin trying to get Grid Engine up and
> running on some systems that have Kerberos and AFS but not SSH pubkey
> auth or SSH password auth.

How is ssh relevant -- for parallel jobs with credential forwarding, or
for initial access?

> Regular users have an AFS global homedir.
>
> Where can I look for the status of Kerberos and/or AFS support in
> current versions of GE?

I've been told off for commenting before but, I'd still look first at
http://arc.liv.ac.uk/SGE/workshop10-12.09.07/K5SGE.pdf

Ignore the now broken and incomplete Kerberos security mechanism,
although OGS said they'll fix it as far as I remember.  Its author
recommended the GSS one instead.  I got that building, but it's
completely insecure, as noted in the reference above, and I think the
AFS one has the same problem.  I can't remember how current the
information in
http://arc.liv.ac.uk/repos/darcs/sge/source/security/security.html but I
have some uncommitted updates.

> I'm using the Debian Squeeze packages, but I can switch to a custom
> install from any current fork.
>
> This link seems most promising, but more complicated than I like:
> http://markmail.org/message/3vakrcunuyyw5euf

I can't read that now -- markmail seems to be broken.



More information about the users mailing list