[torquedev] TORQUE authorization security vulnerability

Ken Nielson knielson at adaptivecomputing.com
Tue Aug 9 13:43:22 MDT 2011


Hi all,

I do not know how wide spread this is but there is a security vulnerability in the TORQUE authorization between client and server when using the default authorization method. Using MUNGE closes this hole but we would like to add an additional, more universal secure authorization method. 

We have investigated using SSH or TLS with certificates for the server, user and user host. There has also been discussion among users concerning the GSSAPI.

I would like to hear your opinions about what you think would work best in your environment.

Regards

Ken Nielson
Adaptive Computing


More information about the torquedev mailing list