[torqueusers] kerberos tickets

Garrick garrick at usc.edu
Wed Jun 9 15:13:58 MDT 2010


Yup, here (or preferably torquedev) is a fine place for patches.

But I'm not sure we really have someone qualified to review gssapi patches. We
really need someone to stand up and take ownership of the branch again.

Who wants the job? Who wants the glory? I can't promise sex, money, or fame;
but I can promise that kerberos tickets will flow like honey.


On Wed, Jun 09, 2010 at 04:01:40PM -0500, Mike Coyne alleged:
> Attached is a diff which I have used to deal with gssapi tickets on the
> non-mother superior compute nodes for mpi runs using the TM interface.
> Basicly the pbs server uses the users credentials to auth to the mother
> superior compute node, mom then saves a copy of the credential on that
> node and starts the job. In order to use the TM interface on other nodes
> you need a ticket to get you "afs token" and access you home directory
> (in my case)>I made use of Boings node check routing to inflict a
> authenaction check on each of the propective nodes to verify the user is
> valid on the node and as a side effect to save a copy of there creds on
> the other nodes. The other piece to the puzzle is for the other moms to
> use the credential to set the users pag and get there token unlocking
> there home directory prior to running the requested script/command. With
> the "new" alpha torque from what I understand the mom-mom rpp has
> changed from udp -> tcp? That would really make this much cleaner. 
> 
> I would like to give back to the group the work I have put in thus far
> on this , my efforts have been revolving around getting either Kerberos
> gssapi or Globus gssapi to function with torque.  Should I submit it to
> this group of is there a better place / means to send the patch?
> 
> Mike
> 
> 
> 
> -----Original Message-----
> From: torqueusers-bounces at supercluster.org
> [mailto:torqueusers-bounces at supercluster.org] On Behalf Of Mike Coyne
> Sent: Wednesday, June 09, 2010 7:13 AM
> To: Torque Users Mailing List
> Subject: Re: [torqueusers] kerberos tickets
> 
> The --with-gssapi path is to the install path for your gssapi , what it
> is looking for is <gssapi-path>/bin/krb5-config , for instance on say
> redhat linux it would be /usr/kerberos ... 
> 
> -----Original Message-----
> From: torqueusers-bounces at supercluster.org
> [mailto:torqueusers-bounces at supercluster.org] On Behalf Of Andreas
> Davour
> Sent: Wednesday, June 09, 2010 6:31 AM
> To: torqueusers at supercluster.org
> Subject: Re: [torqueusers] kerberos tickets
> 
> On Saturday 05 June 2010 00:09:19 Garrick Staples wrote:
> > On Wed, Jun 02, 2010 at 04:42:16PM +0200, Andreas Davour alleged:
> > > Hi
> > >
> > > I wonder if someone here have set up torque to forward kerberos
> tickets
> > > to the submit host (after doing qmgr -c "set server submit_hosts =
> > > submithost"), and finally to the worker nodes?
> > >
> > > Is it done automatically via rsh -F or suchlike (and will that
> happen on
> > > submithost as well?) or do I have to tell torque about it?
> > >
> > > Feel free to point me to relevant sections of the documentation.
> > 
> > svn://svn.clusterresources.com/torque/branches/gssapi
> 
> So what am I supposed to give as an argument to the configure flag
> --with-
> gssapi=PATH?? The path to what?
> 
> /andreas
> -- 
> Systems Engineer
> PDC Center for High Performance Computing
> CSC School of Computer Science and Communication
> KTH Royal Institute of Technology
> SE-100 44 Stockholm, Sweden
> Phone: 087906658
> "A satellite, an earring, and a dust bunny are what made America great!"
> _______________________________________________
> torqueusers mailing list
> torqueusers at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torqueusers
> _______________________________________________
> torqueusers mailing list
> torqueusers at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torqueusers



-- 
Garrick Staples, GNU/Linux HPCC SysAdmin
University of Southern California

Life is Good!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20100609/8f7479c0/attachment.bin 


More information about the torqueusers mailing list