[GE users] SGE+Kerberos support

Wolfgang Friebel Wolfgang.Friebel at desy.de
Thu Mar 31 16:11:04 BST 2005

On Thu, 31 Mar 2005, Ron Chen wrote:

> Hmm, I was planning to fix some minor bugs in the
> original integration:
> I sent this mail to the list in 2003:
> http://gridengine.sunsource.net/servlets/ReadMsg?list=dev&msgId=13732
> And late last year (Nov 2004), someone encountered the
> same problem and several others:
> http://gridengine.sunsource.net/servlets/ReadMsg?list=users&msgNo=8441
> I was planning to check the changes into cvs. But if
> you can describe the new way to integrate with krb,
> then may be we can standardize on one method so that
> it would be easier to maintain.

It looks as if others have successfully built the environment you 
described. As we are using Heimdal instead of MIT it could be that is 
where our problems came from. I will try once more to build SGE with GSS 
enabled and do report my findings.

One thing puzzles me however: Both the "jobs" directory and the files 
therein are readable by ordinary users (at least in my case SGE6u3 
compiled with the -afs flag). In the docs I read
     1. qsub/qmon calls get_cred when a job is submitted to get the
        credentials of the user. The tokenized credentials are sent back
        to qsub and are put into the job request.
Therefore I could easily extract the credentials from an arbitrary user 
and use it in the same way (get_cred/put_cred) as the qmaster does. Did I 
misunderstand something here? To be on the safe side I thought that the 
credentials must be stored separately on the qmaster in a root protected 

If the above mentioned Kerberos integration does also work for us I would 
prefer that solution (as it is integrated into qmaster/execd) instead of 
our "external" solution.

Wolfgang Friebel                   Deutsches Elektronen-Synchrotron DESY
Phone/Fax:  +49 33762 77372/216    Platanenallee 6
Mail: Wolfgang.Friebel AT desy.de  D-15738 Zeuthen  Germany

To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net

More information about the gridengine-users mailing list