[Beowulf] Authentication within beowulf clusters.

Jag agrajag at dragaera.net
Sat Jan 31 10:32:58 EST 2004


On Fri, 2004-01-30 at 20:00, Brent M. Clements wrote:
> So, we were just going through out standards and procedures on how we do
> various things on our beowulf clusters. One of the procedures that we are
> looking at is the way to do authentication.
> 
> My question is this, how does everyone handle authentication?
> 
> Do you run standalone ldap or nis services on the master/management node
> of their beowulf clusters?
> 
> We'd like to get an idea of how everyone else handles authentication on
> their clusters. If your company/university uses a centralized
> authentication service...please explain how you get your private network
> nodes to work with that configuration.

I work at a large university that has a central kerberos server.  How we
do it is we use NIS locally in the cluster, but *only* for name service
information.  We then configure PAM to use kerberos off the main campus
servers to do the actual authentication.  We do this so we can use the
central campus resources, but still remap home directories and such. 
The main key to that is making sure that the usernames on the cluster
match the campus username.

In order to use this on the compute nodes, we use hostbased
authentication with ssh.  This is along the same lines of doing
hosts.equiv with rsh.  We have 4 head nodes that are on the public
network and the internal cluster network.  A user simply logs into
there, and when their mpich jobs call ssh, ssh lets them log into any of
the cluster nodes without asking for a password.  We can get away with
this as we have a private LAN for all the nodes, and physical access to
the cluster is restricted.

_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list