[Beowulf] Blue-sky cluster security [was CLuster - Mpich - tstmachines - Heeelp !!!!!!!!]
Gerry Creager N5JXS gerry.creager at tamu.edu
Sat Jul 29 18:33:15 PDT 2006
At the risk of initiating a flamefest, we're seeing an interesting number of scientific users who can find their way around a workstation or cluster just fine, thank you very much, but who appear to check their intelligence at the door of the lab when they want a grid-enabled application to run. I've been told it's too hard, not intuitive enough, doesn't look like my Windows (or Mac!) desktop, etc.

And, further, wandering into security, folks who I've known and respected for years appear to abandon all control over their security to a Pix now for grid-enabled clusters. Go figure.

Globus, viewed as a framework of applications, is making some good moves to alleviate some of the problems I've been hearing about. That's a good thing. I've also learned recently of work by the Global Grid Forum on security with particular interest in grid-capable (whatever that really means) firewalls. I'm gonna follow that activity with some degree of interest.

gerry

Mark Hahn wrote:
>> This is all still possible. Globus doesn't require you to surrender
>> any control to anyone else.
>
> but if you don't use the sort of trust-delegation stuff, what's the point?
> I'm pretty happy with ssh, which is secure, and requires no configuration.
>
>> Yes, but the remote users really don't want to learn Yet Another Account Name
>> and password. Globus lets them use their Globus name, and you as the resource
>> owner to create whatever accounts you want. Globus does the translating
>> between the two, so everyone is happy.
>
> hmm, I find that users can most often have the same username everywhere,
> and identity+agent-based ssh means never needing passwords.
>
> but I don't think the choice of auth method really matters to this
> discussion: a user authenticates to a login node and submits jobs;
> the user is trusting that the job system will create the same environment
> when the job is run. if either the login or execution nodes are
> compromised, the user is pretty much vulnerable...
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf

--
Gerry Creager -- gerry.creager at tamu.edu
Texas Mesonet -- AATLT, Texas A&M University
Cell: 979.229.5301 Office: 979.458.4020 FAX: 979.862.3983
Office: 1700 Research Parkway Ste 160, TAMU, College Station, TX 77843
