[GE users] Any reason not to have all user's workstations as submit hosts?

massot bernard.massot at ens.fr
Wed Apr 14 09:36:33 BST 2010

On Mon, Apr 12, 2010 at 01:12:40PM -0700, benmwebb wrote:
> Even if you could prevent your users from rooting the workstation and
> thus impersonating any user, the network protocol between submit host
> and SGE master trusts the submit host and does not require an
> originating port < 1024, so a cunning user can simply hack up their
> own SGE client and submit jobs as any user even without rooting the
> box.
> To at least partially solve this problem, you could deploy CSP
On my network I consider users can't get root access on submit hosts but
IP spoofing is quite easy. I first looked at the certificates approach
but quickly felt it would be cumbersome to deploy and maintain.
I chose to use IPsec with preshared keys to authenticate submit hosts
and exec hosts to the master. It's simple and works well for me.
Bernard Massot


To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].

More information about the gridengine-users mailing list