[torqueusers] TORQUE authorization security vulnerability

Ken Nielson knielson at adaptivecomputing.com
Tue Aug 9 13:43:22 MDT 2011

Hi all,

I do not know how wide spread this is but there is a security vulnerability in the TORQUE authorization between client and server when using the default authorization method. Using MUNGE closes this hole but we would like to add an additional, more universal secure authorization method. 

We have investigated using SSH or TLS with certificates for the server, user and user host. There has also been discussion among users concerning the GSSAPI.

I would like to hear your opinions about what you think would work best in your environment.


Ken Nielson
Adaptive Computing

More information about the torqueusers mailing list