[Beowulf] Re: Linux cluster authenticating against multiple Active Directory domains
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Chris Samuel csamuel at vpac.orgThu Jul 31 22:37:12 PDT 2008
- Previous message: [Beowulf] Linux cluster authenticating against multiple Active Directory domains
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----- "Dave Love" <d.love at liverpool.ac.uk> wrote: > Having completely separate ADs for staff and students seems odd... Yeah, I think they're wishing they'd not done that now.. :-) > Why doesn't it work to have two `sufficient' cases > of pam_ldap with different `config' args pointing > to different servers? My information is that it's NSS that's more the problem here rather than PAm, because of the assumptions it makes. > However, LDAP isn't an authentication protocol. Use > Kerberos for authentication. We'd prefer to steer clear of Kerberos, it introduces arbitrary job limitations through ticket lives that are not tolerable for HPC work. Say you submit a job that is in the queue for a week and then will run for 3 months - we don't know if the AD admins will permit the creation of a 4 month ticket "just in case".. There's also the fact that Torque doesn't have GSSAPI support in the mainline versions yet and what I hear about the GSSAPI branch implies that it is just for testing and development at present. cheers, Chris -- Christopher Samuel - (03) 9925 4751 - Systems Manager The Victorian Partnership for Advanced Computing P.O. Box 201, Carlton South, VIC 3053, Australia VPAC is a not-for-profit Registered Research Agency
- Previous message: [Beowulf] Linux cluster authenticating against multiple Active Directory domains
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list