[Beowulf] Authentication within beowulf clusters.

Brent M. Clements bclem at rice.edu
Mon Feb 2 09:24:25 EST 2004


We use ldap extensively here on all of our clusters that IT maintains. We
like it because it allows great flexibility if we need to write web
based account management systems for groups on campus. LDAP is actually
very very easy to implement, especially if you use redhat as your
distribution. We use redhat mostly exclusive here so our setup and
configuration for ldap is pretty cookie-cutter.


-Brent

Brent Clements
Linux Technology Specialist
Information Technology
Rice University


On Mon, 2 Feb 2004, Joe Landman wrote:

> I have tried to avoid NIS on linux, as it appears not to be as stable as
> needed under heavy load.  I have had customers bring it crashing down
> when it serves login information, just by running simple scripts across
> the cluster.
>
> I prefer pushing name service lookups through DNS, and I tend to use
> dnsmasq for these (http://www.thekelleys.org.uk/dnsmasq/doc.html).
> Setting up a full blown named/bind system for a cluster seems like
> significant overkill in most cases.
>
> On the authentication side, I had high hopes for LDAP, but haven't been
> able to easily/repeatably make a working LDAP server with databases.  I
> am starting to think more along the lines of a simple database with pam
> modules on the frontend.  See
> http://freshmeat.net/projects/pam_pgsql/?topic_id=136 or
> http://sourceforge.net/projects/pam-mysql/ for examples.
>
>
>
> On Mon, 2004-02-02 at 07:45, Brent M. Clements wrote:
> > Nscd is a necessary evil sometimes though.
> >
> > -B
> >
> > Brent Clements
> > Linux Technology Specialist
> > Information Technology
> > Rice University
> >
> >
> > On Mon, 2 Feb 2004, Leif Nixon wrote:
> >
> > > Jag <agrajag at dragaera.net> writes:
> > >
> > > > On Sat, 2004-01-31 at 10:25, Robert G. Brown wrote:
> > > >
> > > >> NIS works fine for many purposes as well, but be warned -- in certain
> > > >> configurations and for certain tasks it becomes a very high overhead
> > > >> protocol.  In particular, it adds an NIS hit to every file stat, for
> > > >> example, so that it can check groups and permissions.
> > > >
> > > > A good way around this is to run nscd (Name Services Caching Daemon).
> > >
> > > I'm really, really suspicious against nscd. I've more than once seen
> > > it hang on to stale information forever for no good reason at all.
> > >
> > > --
> > > Leif Nixon                                    Systems expert
> > > ------------------------------------------------------------
> > > National Supercomputer Centre           Linkoping University
> > > ------------------------------------------------------------
> > > _______________________________________________
> > > Beowulf mailing list, Beowulf at beowulf.org
> > > To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
> > >
> > _______________________________________________
> > Beowulf mailing list, Beowulf at beowulf.org
> > To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
>
>
_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list