[Beowulf] Re: Kerberos + HPC
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Dave Love d.love at liverpool.ac.ukWed Aug 13 07:15:04 PDT 2008
- Previous message: [Beowulf] Re: Kerberos + HPC
- Next message: [Beowulf] Re: Kerberos + HPC
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"Perry E. Metzger" <perry at piermont.com> writes: > So, you just run kinit in cron as the specified daemon user with the > appropriate flags and it will renew its own tickets and all is well. Who says you can even run kinit from cron if it was appropriate? > I'm not sure why people think this is all so mysterious. Can you > explain what is hard about this? That's just hand-waving. Hard things include how you integrate it with a distributed batch system, for a start. Making it tolerably secure too. I don't want all users to keep keytabs around everywhere (synchronized with password changes), even if they were practically going to solve the problem of having valid credential caches at the relevant times on the relevant nodes. >> The canonical tool for daemonic use is >> <URL:http://www.eyrie.org/~eagle/software/kstart/>, but it's probably >> not so useful for jobs in a batch system. > > Why bother when kinit will do the job? That's what it is for. Russ Allbery can doubtless justify it better than I can, if the doc doesn't help. He's an MIT Kerberos maintainer(?)/contributor and runs a large Kerberos infrastructure; I don't think he was wasting his time.
- Previous message: [Beowulf] Re: Kerberos + HPC
- Next message: [Beowulf] Re: Kerberos + HPC
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list