[torqueusers] Remote submit hosts?

Chris Samuel csamuel at vpac.org
Thu Dec 21 14:52:46 MST 2006


On Wednesday 13 December 2006 11:11, Kjeldgaard Morten wrote:

> I think the general consensus is that the rsh utilities and /etc/
> hosts.equiv are security holes that should be avoided at all cost.

Torque doesn't actually use the r* applications themselves, what happens is 
that there is an example authentication function defined in the file:

 src/lib/Libsite/site_check_u.c

which has a comment that says:

/*
 * site_check_u - site_check_user_map()
 *
 *      This routine determines if a user is privileged to execute a job
 *      on this host under the login name specified (in user-list attribute)
 *
 *      As provided, this routine uses ruserok(3N).  If this is a problem,
 *      It's replacement is "left as an exercise for the reader."
 *
 *      Return -1 for access denied, otherwise 0 for ok.
 */

It actually looks like it does some extra checks now, with comments like:

    /* submitting from server host, access allowed */
    /* job submitted from compute host, access allowed */
  /* job submitted from host found in trusted submit host list, access allowed 
*/

So if you want to add/debug things then this looks like the place to do it!

cheers,
Chris
-- 
 Christopher Samuel - (03)9925 4751 - VPAC Deputy Systems Manager
 Victorian Partnership for Advanced Computing http://www.vpac.org/
 Bldg 91, 110 Victoria Street, Carlton South, VIC 3053, Australia

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20061222/2d7e8c05/attachment.bin


More information about the torqueusers mailing list