managing user accounts without NIS
becker at scyld.com
Tue May 23 16:08:28 PDT 2000
On Tue, 23 May 2000, Robert G. Brown wrote:
> > > An important element of Beowulf clusters is that they have a private,
> > > protected internal network.
> > > 'Ssh' imposes a large performance burden for its security.
> > I agree if you're talking about using ssh for all your connections; but it's not
> > not that big of a deal if one is simply using scp to copy over /etc/[passwd, shadow].
Yes, that's true for low-rate updates.
> Both rsh and ssh are high overhead to begin with (forking a shell is
> pretty high overhead period). The bulk of ssh's additional overhead is
> associated with establishing and authenticating the connection itself,
> which is really a pretty wise use of compute cycles.
Ahhh, we are now using 'bproc' for everything on our clusters, including
initial installation and job distribution. It has far less overhead than
'rsh', and putting encryption on the link would make it much slower than it
is right now.
> g) Even on a beowulf, one should be using ssh to access the head node
> (which is usually on a PUBLIC network. At that point, it becomes
This we agree on -- 'ssh' is now required on any public network, and most
environments qualify as a sniffable public network.
Our model is that the private internal network may be considered secure.
> Even ssh could be improved. For example, it would be nice to have
> control of a list of environment variables to be passed, instead of
> having to work with a fixed list of built-ins (one of the main flaws of
The bproc replacement for rsh transports all environment variables, and even
allows chroot(). I'll have to ask Erik if he transports rlimit (resource
limit) info as well.
This is good enough to act as a replacement for rsh inside of PVM, but our
next development efforts will be to have native bproc-based PVM and MPI.
Donald Becker becker at scyld.com
Scyld Computing Corporation
410 Severn Ave. Suite 210
Annapolis MD 21403
More information about the Beowulf