[torquedev] TORQUE authorization security vulnerability
tbaer at utk.edu
Tue Aug 9 15:53:50 MDT 2011
On Tue, 2011-08-09 at 13:43 -0600, Ken Nielson wrote:
> I do not know how wide spread this is but there is a security
> vulnerability in the TORQUE authorization between client and server
> when using the default authorization method. Using MUNGE closes this
> hole but we would like to add an additional, more universal secure
> authorization method.
> We have investigated using SSH or TLS with certificates for the
> server, user and user host. There has also been discussion among users
> concerning the GSSAPI.
> I would like to hear your opinions about what you think would work
> best in your environment.
There may be no good one-size-fits-all answer here. For instance,
SSH-based authorization is a non-starter for us, as our SSH
infrastructure is largely based on one-time passwords and I expect users
would balk at having to enter a one-time password for every single job
submission. Certs might be tractable for establishing trust between
hosts, but expecting every user to have a cert is likely to be
problematic unless the site is already issuing them for other purposes
(e.g. single sign-on for gsissh logins and GridFTP). GSSAPI will work
for folks who already have Kerberos or DCE (or are willing to set one of
them up), but that could be very painful to shoehorn into an existing
We've started using MUNGE. It seems reasonably secure and is not
terribly hard to install.
Troy Baer, HPC System Administrator
National Institute for Computational Sciences, University of Tennessee
More information about the torquedev