[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] HTCondor with kerberized home directories
- Date: Tue, 12 Jun 2018 09:46:52 +0200
- From: Andreas Hirczy <ahi@xxxxxxxxxxxxx>
- Subject: Re: [HTCondor-users] HTCondor with kerberized home directories
Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx> writes:
> We have HTCondor installed on our desktop machines for submission, and
> the jobs run on worker nodes in a private network. The desktops are
> naturally subject to security updates and may be rebooted about once
> per week. The home directories are mounted via NFSv4 with Kerberos 5
We use a similar setup with Kerberos/OpenAFS for home directories.
> How are others solving this?
I remember there used to be solutions with forwarded and postdated
tickets. see e.g.
A wrapper script with "k5start" might also work.
I never tried those, since it somehow compromises the security gain from
kerberos authentication. Also the setup always appeared a bit hacky and
not really robust.
indicates some new development.
> Is the only way to have some kind of scratch space somewhere, with unix auth?
We have quite a bit of scratch space; created by utilizing unused disc
capacity from computing nodes with MooseFS <https://moosefs.com/>.
Andreas Hirczy <ahi@xxxxxxxxxxxxx> https://itp.tugraz.at/~ahi/
Graz University of Technology phone: +43/316/873- 8190
Institute of Theoretical and Computational Physics fax: +43/316/873-10 8190
Petersgasse 16, A-8010 Graz mobile: +43/664/859 23 57