[GE users] SGE+Kerberos support

Manel Euro euro_32 at hotmail.com
Thu Mar 31 17:00:35 BST 2005

Ok, I just saw this emails now.

I will try the procedure in 

and I will report how it went.


>From: Wolfgang Friebel <Wolfgang.Friebel at desy.de>
>Reply-To: users at gridengine.sunsource.net
>To: users at gridengine.sunsource.net
>Subject: Re: [GE users] SGE+Kerberos support
>Date: Thu, 31 Mar 2005 17:11:04 +0200 (CEST)
>On Thu, 31 Mar 2005, Ron Chen wrote:
>>Hmm, I was planning to fix some minor bugs in the
>>original integration:
>>I sent this mail to the list in 2003:
>>And late last year (Nov 2004), someone encountered the
>>same problem and several others:
>>I was planning to check the changes into cvs. But if
>>you can describe the new way to integrate with krb,
>>then may be we can standardize on one method so that
>>it would be easier to maintain.
>It looks as if others have successfully built the environment you 
>described. As we are using Heimdal instead of MIT it could be that is where 
>our problems came from. I will try once more to build SGE with GSS enabled 
>and do report my findings.
>One thing puzzles me however: Both the "jobs" directory and the files 
>therein are readable by ordinary users (at least in my case SGE6u3 compiled 
>with the -afs flag). In the docs I read
>     1. qsub/qmon calls get_cred when a job is submitted to get the
>        credentials of the user. The tokenized credentials are sent back
>        to qsub and are put into the job request.
>Therefore I could easily extract the credentials from an arbitrary user and 
>use it in the same way (get_cred/put_cred) as the qmaster does. Did I 
>misunderstand something here? To be on the safe side I thought that the 
>credentials must be stored separately on the qmaster in a root protected 
>If the above mentioned Kerberos integration does also work for us I would 
>prefer that solution (as it is integrated into qmaster/execd) instead of 
>our "external" solution.
>Wolfgang Friebel                   Deutsches Elektronen-Synchrotron DESY
>Phone/Fax:  +49 33762 77372/216    Platanenallee 6
>Mail: Wolfgang.Friebel AT desy.de  D-15738 Zeuthen  Germany
>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
>For additional commands, e-mail: users-help at gridengine.sunsource.net

Express yourself instantly with MSN Messenger! Download today - it's FREE! 

To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net

More information about the gridengine-users mailing list