[Beowulf] Authentication within beowulf clusters.

Mark Hahn hahn at physics.mcmaster.ca
Sat Jan 31 12:54:25 EST 2004


> My question is this, how does everyone handle authentication?

our clusters are accessible via ssh, with no auth within.

> Do you run standalone ldap or nis services on the master/management node
> of their beowulf clusters?

no, rsync'ed passwd/shadow files; we'll eventually consider switching to ldap
or a simple sql-backed passwd/shadow generator.  NIS is out of the question.

> their clusters. If your company/university uses a centralized
> authentication service...please explain how you get your private network
> nodes to work with that configuration.

I don't see the advantage of "centralized" auth, except has a form of
centralized control (which is inherently bad).  consider that a random user
*never* has access to every resource on campus, so whoever admins the central
auth has to be constantly managing permissions for random resources that pop up.
not to mention that it creates a single point of failure and a network
hotspot (yes, yes, those can be engineered around.)  single point of
compromise, too. 

what's the benefit?  ssh already does password-less, secure logins, so there's
no advantage there.  if everything were not ssh-based, I'm sure the analysis 
would be different.

I'd sooner consider going to pure ssh-key logins, rather than involving 
some external authentication oracle.

regards, mark hahn.

_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list