[torqueusers] Remote submit hosts?
Chris Samuel
csamuel at vpac.org
Thu Dec 21 14:52:46 MST 2006
On Wednesday 13 December 2006 11:11, Kjeldgaard Morten wrote:
> I think the general consensus is that the rsh utilities and /etc/
> hosts.equiv are security holes that should be avoided at all cost.
Torque doesn't actually use the r* applications themselves, what happens is
that there is an example authentication function defined in the file:
src/lib/Libsite/site_check_u.c
which has a comment that says:
/*
* site_check_u - site_check_user_map()
*
* This routine determines if a user is privileged to execute a job
* on this host under the login name specified (in user-list attribute)
*
* As provided, this routine uses ruserok(3N). If this is a problem,
* It's replacement is "left as an exercise for the reader."
*
* Return -1 for access denied, otherwise 0 for ok.
*/
It actually looks like it does some extra checks now, with comments like:
/* submitting from server host, access allowed */
/* job submitted from compute host, access allowed */
/* job submitted from host found in trusted submit host list, access allowed
*/
So if you want to add/debug things then this looks like the place to do it!
cheers,
Chris
--
Christopher Samuel - (03)9925 4751 - VPAC Deputy Systems Manager
Victorian Partnership for Advanced Computing http://www.vpac.org/
Bldg 91, 110 Victoria Street, Carlton South, VIC 3053, Australia
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20061222/2d7e8c05/attachment.bin
More information about the torqueusers
mailing list