[torqueusers] Kerberos

Chris Samuel csamuel at vpac.org
Mon Oct 18 22:00:15 MDT 2004


On Sat, 16 Oct 2004 03:39 am, torqueusers at supercluster.org wrote:

CAVEAT: We don't use Kerberos at VPAC, so I've never tried the following!

> Hi. I wanted to know if I could configure torque to use kerberos. And
> how?

This came up on the list a few months back, although I didn't see anyone say 
that they actually got it working.

If you want to look at how PBS does its authentication at the moment (using 
ruserok(3)) and convert that to Kerberos then you can find that in the file:

        src/lib/Libsite/site_check_u.c

in the function:

        site_check_user_map()

The comments say:

/*
 * site_check_u - site_check_user_map()
 *
 *      This routine determines if a user is privileged to execute a job
 *      on this host under the login name specified (in user-list attribute)
 *
 *      As provided, this routine uses ruserok(3N).  If this is a problem,
 *      It's replacement is "left as an exersize for the reader."
 */

(sic)

There might be a kuserok(3) variant you can slip in there instead, as long as 
you do whatever magic Kerberos requires you to beforehand..


You can also tell the Torque configure process to use another program instead 
of scp by doing (say):

 SCP_PATH=/usr/local/bin/kcp ./configure --with-scp

You can check that's worked by doing:

 grep SCP_PATH ./src/include/pbs_config.h

Playing around with configure it looks like it uses the value it's cached 
previously in preference to the environment value, so you'll need to either 
remove config.cache first or do a "make distclean" to make sure you've got a 
clean configuration.

Good luck!
Chris
-- 
 Christopher Samuel - (03)9925 4751 - VPAC Systems & Network Admin
 Victorian Partnership for Advanced Computing http://www.vpac.org/
 Bldg 91, 110 Victoria Street, Carlton South, VIC 3053, Australia

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20041019/776ba19e/attachment.bin


More information about the torqueusers mailing list