[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Condor-users] Architechture suggestions for large Condor pool

> On Wed, 9 Feb 2005 09:05:59 +1100, paul.chubb@xxxxxxxxxx
> <paul.chubb@xxxxxxxxxx> wrote:
> > Dan,
> >       that is big. Have you seen the ppt from condor uk week:
> > 
> > http://www.nesc.ac.uk/talks/438/12th/deploying_large_pools.ppt
> Interestingly I saw that this was on the agenda for that week but
> couldn't find the associated presentation - clearly I wasn't looking
> hard enough.  And we are aware that it is a big deployment!  I think
> this is half the fun ;)
> > It has some interesting info that may identify hotspots.
> > BTW how are you doing the authentication against AD for the windows
> > machines and linux machines?
> This is what we are investigating at the moment.  
I've seen several comments on the list asking about this, so I'll just
chime in here:  It's easy ;-).  If all you want is authentication (i.e.
you don't care about common UIDs, NFS shares etc), then two magic words:
PAM and Kerberos. 
Configure PAM to use Kerberos, and configure Kerberos to use your Domain
Controllers as the KDC(s).   Use authconfig on Fedora/RedHat to do this
the "easy" way.
The create an account on linux (useradd -m <username>, where username is
the same as in AD), and you're away.  

Like I say, you'll have to manage UIDs manually (if it's important to
you), and you'll have to add the account to every single linux box.  The
alternative is Samba with winbindd and other magic.  I've never used
that so I can't comment. ;-)

Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.