[Beowulf] Intra-cluster security

Nicholas M Glykos glykos at mbg.duth.gr
Sun Sep 13 05:46:47 EDT 2009


Hi Stuart,

<snip>
> - Each user creates a password-less ssh private key, puts the public
> key in the authorized_hosts file and has relatively unfettered ssh
> access between nodes (nfs shared home directory helps a lot).  This
> seems to be the most common approach.  It is end-user setup/training
> intensive (I suppose it could be automated/audited). 
</snip>

A quick note to say that in the case of the perceus/warewulf/slurm 
combination as distributed with CaosNSA, you not only get the automation 
you've mentioned, but you can also restrict user access to individual 
nodes (this is through a pam module for slurm that only allows ssh access 
to those nodes that a user has active jobs on).

Nicholas

-- 


          Dr Nicholas M. Glykos, Department of Molecular Biology
     and Genetics, Democritus University of Thrace, University Campus,
  Dragana, 68100 Alexandroupolis, Greece, Tel/Fax (office) +302551030620,
    Ext.77620, Tel (lab) +302551030615, http://utopia.duth.gr/~glykos/

_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list