
Re: [HTCondor-users] HTCondor with kerberized home directories



Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx> writes:

> We have HTCondor installed on our desktop machines for submission, and
> the jobs run on worker nodes in a private network.  The desktops are
> naturally subject to security updates and may be rebooted about once
> per week. The home directories are mounted via NFSv4 with Kerberos 5
> authentication.

We use a similar setup with Kerberos/OpenAFS for home directories.

> How are others solving this? 

I remember there used to be solutions with forwarded and postdated
tickets. See e.g.
<https://lists.cs.wisc.edu/archive/htcondor-users/2007-October/msg00089.shtml>
A wrapper script with "k5start" might also work.

I never tried those, since it somehow compromises the security gain from
Kerberos authentication. Also the setup always appeared a bit hacky and
not really robust.

<https://lists.cs.wisc.edu/archive/htcondor-users/2017-January/msg00051.shtml>
indicates some new development.

> Is the only way to have some kind of scratch space somewhere, with unix auth? 

We have quite a bit of scratch space, created by utilizing unused disc
capacity from computing nodes with MooseFS <https://moosefs.com/>.

Best regards,
Andreas
-- 
Andreas Hirczy <ahi@xxxxxxxxxxxxx>                  https://itp.tugraz.at/~ahi/
Graz University of Technology                       phone: +43/316/873-   8190
Institute of Theoretical and Computational Physics    fax: +43/316/873-10 8190
Petersgasse 16, A-8010 Graz                        mobile: +43/664/859 23 57