[Beowulf] Newbie
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Leif Nixon nixon at nsc.liu.seThu Jan 5 07:33:35 PST 2006
- Previous message: [Beowulf] Newbie
- Next message: [Beowulf] Newbie
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"Robert G. Brown" <rgb at phy.duke.edu> writes: > I agree heartily. In fact, I almost wrote to say so, but I'm being > discrete these days. Hah. > However, if any account is compromised by any means whatsoever, you're > equally screwed regardless of how you authenticate at the shell level. Kerberos-style security can give you a certain level of extra protection, depending on the circumstances, so there *are* different shades of screwedness. In general, you need to think long and hard about the trust domains within a cluster. Adopting the view "This cluster is a single big machine. We don't need no steeking internal security barriers" is a bad idea; you want to contain intrusions as much as possible. Limit the ways root can ssh within the cluster, export your filesystems ro/nosuid as far as possible, disable user login on all machines they don't need to login on... -- Leif Nixon - Systems expert ------------------------------------------------------------ National Supercomputer Centre - Linkoping University ------------------------------------------------------------
- Previous message: [Beowulf] Newbie
- Next message: [Beowulf] Newbie
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list