[torqueusers] kerberos tickets

Mike Coyne Mike.Coyne at PACCAR.com
Wed Jun 9 15:01:40 MDT 2010

Attached is a diff which I have used to deal with gssapi tickets on the
non-mother superior compute nodes for mpi runs using the TM interface.
Basicly the pbs server uses the users credentials to auth to the mother
superior compute node, mom then saves a copy of the credential on that
node and starts the job. In order to use the TM interface on other nodes
you need a ticket to get you "afs token" and access you home directory
(in my case)>I made use of Boings node check routing to inflict a
authenaction check on each of the propective nodes to verify the user is
valid on the node and as a side effect to save a copy of there creds on
the other nodes. The other piece to the puzzle is for the other moms to
use the credential to set the users pag and get there token unlocking
there home directory prior to running the requested script/command. With
the "new" alpha torque from what I understand the mom-mom rpp has
changed from udp -> tcp? That would really make this much cleaner. 

I would like to give back to the group the work I have put in thus far
on this , my efforts have been revolving around getting either Kerberos
gssapi or Globus gssapi to function with torque.  Should I submit it to
this group of is there a better place / means to send the patch?


-----Original Message-----
From: torqueusers-bounces at supercluster.org
[mailto:torqueusers-bounces at supercluster.org] On Behalf Of Mike Coyne
Sent: Wednesday, June 09, 2010 7:13 AM
To: Torque Users Mailing List
Subject: Re: [torqueusers] kerberos tickets

The --with-gssapi path is to the install path for your gssapi , what it
is looking for is <gssapi-path>/bin/krb5-config , for instance on say
redhat linux it would be /usr/kerberos ... 

-----Original Message-----
From: torqueusers-bounces at supercluster.org
[mailto:torqueusers-bounces at supercluster.org] On Behalf Of Andreas
Sent: Wednesday, June 09, 2010 6:31 AM
To: torqueusers at supercluster.org
Subject: Re: [torqueusers] kerberos tickets

On Saturday 05 June 2010 00:09:19 Garrick Staples wrote:
> On Wed, Jun 02, 2010 at 04:42:16PM +0200, Andreas Davour alleged:
> > Hi
> >
> > I wonder if someone here have set up torque to forward kerberos
> > to the submit host (after doing qmgr -c "set server submit_hosts =
> > submithost"), and finally to the worker nodes?
> >
> > Is it done automatically via rsh -F or suchlike (and will that
happen on
> > submithost as well?) or do I have to tell torque about it?
> >
> > Feel free to point me to relevant sections of the documentation.
> svn://svn.clusterresources.com/torque/branches/gssapi

So what am I supposed to give as an argument to the configure flag
gssapi=PATH?? The path to what?

Systems Engineer
PDC Center for High Performance Computing
CSC School of Computer Science and Communication
KTH Royal Institute of Technology
SE-100 44 Stockholm, Sweden
Phone: 087906658
"A satellite, an earring, and a dust bunny are what made America great!"
torqueusers mailing list
torqueusers at supercluster.org
torqueusers mailing list
torqueusers at supercluster.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff-from-branches_VENDOR_torque_gss_torque_gss_src_server_req_runjob.c-r678-to-trunk_torque_gss_src_server_req_runjob.c-r684.diff
Type: application/octet-stream
Size: 14422 bytes
Desc: diff-from-branches_VENDOR_torque_gss_torque_gss_src_server_req_runjob.c-r678-to-trunk_torque_gss_src_server_req_runjob.c-r684.diff
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20100609/4e4a6379/attachment-0001.obj 

More information about the torqueusers mailing list