[torqueusers] How to rip out user validation?

Axel Kohlmeyer akohlmey at cmm.chem.upenn.edu
Thu Jun 24 07:53:35 MDT 2010


2010/6/24 "Mgr. Šimon Tóth" <SimonT at mail.muni.cz>:
>>> Tearing out user validation is stupid, but I don't really see why you
>>> would need this. Pretty much any grid should have consistent user ID
>>> across the machines (unless you configure them manually), therefore the
>>> need for /etc/hosts.equiv should be irrelevant.
>>
>> it is not only about consistent user ids.
>> if you want to submit a job from a compute node,
>> for example a follow-up job from within a job script,
>> you need to confirm that user x on node y is equivalent
>> to user x on node z.
>
> Yes, I understand that. But can't that be safely assumed when you have a
> cluster? You can't have conflicting user names anyway.

but that is exactly what you indicate by providing
an /etc/hosts.equiv file (or .rhosts). software has no
common sense, it cannot tell how it meant to be used.

without this check it is only your firewall that would protect
anybody from anywhere to submit a job as any user.
the latter is the reason why people are responding to
this thread so vividly. you certainly don't want to host the
next inofficial password cracking world cup on your
cluster, right? ;-)

cheers,
    axel.

> --
> Mgr. Šimon Tóth
>
>



-- 
Dr. Axel Kohlmeyer    akohlmey at gmail.com
http://sites.google.com/site/akohlmey/

Institute for Computational Molecular Science
Temple University, Philadelphia PA, USA.


More information about the torqueusers mailing list