User logins

[Robert G. Brown]

On Wed, 9 Jun 1999, Philip Juels wrote:

> I don't know if this has been talked about. but how do you all
> administer login accounts in your cluster?  Identical but independent
> login accounts on each node?  NIS?  With large clusters, administering
> user login accounts must be a nightmare.

Since we have a "cluster", rather than a "beowulf" per se, we use NIS,
but one could also use e.g. rdist to keep things synchronized.  That is,
even on a large cluster (or large LAN) there are a number of tools and
approaches designed to make adminstration of accounts scale decently.
NIS is expensive and a bit clunky, but login/authentication is a
one-shot serial expense and irrelevant compared to parallel runtime a
long calculation.

If your cluster is a "true beowulf" with a head/gateway/firewall node,
there are other solutions, e.g. -- logging into just the head node
(which requires NIS or external accounts to be set up) and then su-ing
to a predefined account defined on all the nodes with no password
required and little or no authentication internally.  Jobs are then run
using this account.  This is "convenient" in some ways because this one
account would be the one which owns pvmd, for example, which can
simplify the management of pvmd and its associated locks.  It does
presuppose both a lot of trust between users of the 'wulf and a certain
homogeneity of purpose -- if lots of users and groups use it, you will
probably want either several of these accounts or to use NIS or rdist to
propagate your usual accounts for logging and accountability purposes.

   rgb

Robert G. Brown	                       http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567  Fax: 919-660-2525     email:rgb@phy.duke.edu