[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] HTCondor with kerberized home directories

Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx> writes:

> We have HTCondor installed on our desktop machines for submission, and
> the jobs run on worker nodes in a private network.  The desktops are
> naturally subject to security updates and may be rebooted about once
> per week. The home directories are mounted via NFSv4 with Kerberos 5
> authentication.

We use a similar setup with Kerberos/OpenAFS for home directories.

> How are others solving this? 

I remember there used to be solutions with forwarded and postdated
tickets. see e.g.
A wrapper script with "k5start" might also work.

I never tried those, since it somehow compromises the security gain from
kerberos authentication. Also the setup always appeared a bit hacky and
not really robust.

indicates some new development.

> Is the only way to have some kind of scratch space somewhere, with unix auth? 

We have quite a bit of scratch space; created by utilizing unused disc
capacity from computing nodes with MooseFS <https://moosefs.com/>.

Best regards,
Andreas Hirczy <ahi@xxxxxxxxxxxxx>                  https://itp.tugraz.at/~ahi/
Graz University of Technology                       phone: +43/316/873-   8190
Institute of Theoretical and Computational Physics    fax: +43/316/873-10 8190
Petersgasse 16, A-8010 Graz                        mobile: +43/664/859 23 57