[GE users] Any reason not to have all user's workstations as submit hosts?

fx d.love at liverpool.ac.uk
Wed Apr 14 17:29:19 BST 2010


    [ The following text is in the "utf-8" character set. ]
    [ Your display is set for the "ISO-8859-10" character set.  ]
    [ Some characters may be displayed incorrectly. ]

prentice <prentice at ias.edu> writes:

> I just answered this (kinda) in a post for NFS. Don't forget there are
> other ways besides NFS to share filesystems over a network that are much
> more secure than NFS. I'm not a network filesystems expert, so I don't
> know all the options out there, but AFS is definitely one.

I don't think that's true (regardless of how good they are as
distributed filesystems relative to NFS, especially Linux's NFSv4).  As
far as I know, AFS's encryption is still weaker than single DES.  What
else is there?

Ob-SGE:  How do you operate such systems under SGE, specifically dealing
with managing the credentials you need to access the filesystem?

It seems to me that, in general, using authenticated resources like
distributed filesystems in batch systems is fundamentally rather
incompatible with good security models because of the credential
management.  You have to trust the system, in some sense, to manage your
credentials, and they must effectively have an arbitrarily long lifetime
(c.f. the Kerberos model).

-- 
Dave Love
?E-Science?, Computing Services Department, University of Liverpool
AKA fx at gnu.org

------------------------------------------------------
http://gridengine.sunsource.net/ds/viewMessage.do?dsForumId=38&dsMessageId=253401

To unsubscribe from this discussion, e-mail: [users-unsubscribe at gridengine.sunsource.net].



More information about the gridengine-users mailing list