[torqueusers] TORQUE authorization security vulnerability
knielson at adaptivecomputing.com
Tue Aug 9 13:43:22 MDT 2011
I do not know how wide spread this is but there is a security vulnerability in the TORQUE authorization between client and server when using the default authorization method. Using MUNGE closes this hole but we would like to add an additional, more universal secure authorization method.
We have investigated using SSH or TLS with certificates for the server, user and user host. There has also been discussion among users concerning the GSSAPI.
I would like to hear your opinions about what you think would work best in your environment.
More information about the torqueusers