[GE users] SGE+Kerberos support

Manel Euro euro_32 at hotmail.com
Thu Mar 31 17:00:35 BST 2005


Ok, I just saw this emails now.

I will try the procedure in 
http://gridengine.sunsource.net/servlets/ReadMsg?list=users&msgNo=8441.

and I will report how it went.

M.

>From: Wolfgang Friebel <Wolfgang.Friebel at desy.de>
>Reply-To: users at gridengine.sunsource.net
>To: users at gridengine.sunsource.net
>Subject: Re: [GE users] SGE+Kerberos support
>Date: Thu, 31 Mar 2005 17:11:04 +0200 (CEST)
>
>On Thu, 31 Mar 2005, Ron Chen wrote:
>
>>Hmm, I was planning to fix some minor bugs in the
>>original integration:
>>
>>I sent this mail to the list in 2003:
>>http://gridengine.sunsource.net/servlets/ReadMsg?list=dev&msgId=13732
>>
>>And late last year (Nov 2004), someone encountered the
>>same problem and several others:
>>http://gridengine.sunsource.net/servlets/ReadMsg?list=users&msgNo=8441
>>
>>
>>I was planning to check the changes into cvs. But if
>>you can describe the new way to integrate with krb,
>>then may be we can standardize on one method so that
>>it would be easier to maintain.
>>
>
>It looks as if others have successfully built the environment you 
>described. As we are using Heimdal instead of MIT it could be that is where 
>our problems came from. I will try once more to build SGE with GSS enabled 
>and do report my findings.
>
>One thing puzzles me however: Both the "jobs" directory and the files 
>therein are readable by ordinary users (at least in my case SGE6u3 compiled 
>with the -afs flag). In the docs I read
>     1. qsub/qmon calls get_cred when a job is submitted to get the
>        credentials of the user. The tokenized credentials are sent back
>        to qsub and are put into the job request.
>Therefore I could easily extract the credentials from an arbitrary user and 
>use it in the same way (get_cred/put_cred) as the qmaster does. Did I 
>misunderstand something here? To be on the safe side I thought that the 
>credentials must be stored separately on the qmaster in a root protected 
>directory.
>
>If the above mentioned Kerberos integration does also work for us I would 
>prefer that solution (as it is integrated into qmaster/execd) instead of 
>our "external" solution.
>
>--
>Wolfgang Friebel                   Deutsches Elektronen-Synchrotron DESY
>Phone/Fax:  +49 33762 77372/216    Platanenallee 6
>Mail: Wolfgang.Friebel AT desy.de  D-15738 Zeuthen  Germany
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
>For additional commands, e-mail: users-help at gridengine.sunsource.net
>

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list