[torqueusers] how is the torque renewal scripts supposed to work?
davour at pdc.kth.se
Mon Jul 12 10:52:04 MDT 2010
On Monday, July 12, 2010 16:43:37 Alex Rolfe wrote:
> Andreas Davour <davour at pdc.kth.se> writes:
> > On Monday, July 12, 2010 16:06:33 Alex Rolfe wrote:
> >> Andreas Davour <davour at pdc.kth.se> writes:
> >> > That was more than I manage to digest in one go.
> >> >
> >> > Let me see if I got this right.
> >> >
> >> > The pbs_server and the pbs_mom need to be started with credentials.
> >> > This means I have to start them both (for the mom on every node) with
> >> > this invocation?
> >> >
> >> > $KINIT -k -t $KEYTAB $PRINCIPAL pbs_server|pbs_mom
> >> >
> >> > and then do the same for maui and make sure they all are started in an
> >> > environment where KRB5CCNAME point to the same cache, or at least a
> >> > cache containing the same tickets?
> >> No, the server and the moms do not need to be started with valid
> >> tickets; they'll get tickets as needed as long as your kerberos
> >> configuration is setup such that a call to gss_acquire_cred() works (see
> >> pbsgss_server_acquire_creds in src/lib/Libifl/pbsgss.c; I think this is
> >> the equivalent to "kinit -k" from the command line).
> > Good, that means I got it right the first time.
> > But maui, that needs to be started with valid tickets, like "kinit -k"?
> No, the gssapi code doesn't make any changes to the communication
> between maui and the pbs_server. One *could* do that (in the same way
> that one could add gssapi authentication to all communication between
> the server and the mom), but it's not been done in the current code.
I realize there's something here which confuse me. The
contrib/gssapi/init.pbsserver script start maui using kinit and tickets from a
keytab. Is that not necessary then?
PDC Center for High Performance Computing
CSC School of Computer Science and Communication
KTH Royal Institute of Technology
SE-100 44 Stockholm, Sweden
"A satellite, an earring, and a dust bunny are what made America great!"
More information about the torqueusers