installing auks with torque

Matthieu Hautreux matthieu.hautreux at gmail.com
Mon Feb 3 15:46:56 EST 2014


2014-01-20 Jason Edgecombe <jason at rampaginggeek.com>:

> Hi everyone,
>
> We're trying to set up a Linux compute cluster using torque. I would
> like the jobs to be able to access each user's AFS space by caching the
> user's Kerberos tickets/access.
>
> One solution is auks:
> http://workshop.openafs.org/afsbpw10/talks/wed_3/hautreux_kerberos_hpc.pdf
> https://github.com/hautreux/auks
>
> According to https://twiki.ppe.gla.ac.uk/bin/view/Main/TorqueAuks ,
> auks needs to be installed on the KDC, but I don't see any need for this
> based on my limited understanding of auks and a cursory glance at some
> of the auks code. As far as I can tell, auks is like multiple hosts
> sharing a ticket cache with k5start.
>

> Can anyone clarify if the auks daemon really needs to be on the KDC? I'm
> resistant to installing extra services on the KDC's.
>

Based on my understanding of what is explained on this wiki, they are using
auks on the KDC because they regularly dump all the keytabs of their users,
acquire tickets and push them to the auks daemon. It is not necessary to
put the auks daemon on the KDC, as you guessed it is a kind of distributed
credential cache with ACL enabling particular principals to get what they
want from this cache.

You could consider following the instruction of this wiki but only use auks
as a cache and replace the KDC cron logic by an automatic "auks -a" when
your users submit their jobs using torque submission CLI. (I guess that a
kind of submit prolog could do that transparently, I am not familiar with
torque).


>
> If anyone has any other ideas to pull off a job scheduler with Kerberos
> & AFS access, then I'm open to that as well.
>

Sorry, no other ideas, that is why I wrote auks and did not follow what was
going on on that subject after that :)

Regards,
Matthieu


>
> Thanks,
> Jason
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>


More information about the Kerberos mailing list