[Beowulf] Blue-sky cluster security [was CLuster - Mpich - tstmachines - Heeelp !!!!!!!!]

Mark Hahn hahn at physics.mcmaster.ca
Sat Jul 29 17:16:43 PDT 2006


> This is all still possible. Globus doesn't require you to surrender
> any control to anyone else.

but if you don't use the sort of trust-delegation stuff, what's the point?
I'm pretty happy with ssh, which is secure, and requires no configuration.

> Yes, but the remote users really don't want to learn Yet Another Account Name
> and password. Globus lets them use their Globus name, and you as the resource
> owner to create whatever accounts you want. Globus does the translating
> between the two, so everyone is happy.

hmm, I find that users can most often have the same username everywhere,
and identity+agent-based ssh means never needing passwords.

but I don't think the choice of auth method really matters to this 
discussion: a user authenticates to a login node and submits jobs;
the user is trusting that the job system will create the same environment
when the job is run.  if either the login or execution nodes are compromised, 
the user is pretty much vulnerable...



More information about the Beowulf mailing list