installing auks with torque

Edgecombe, Jason jwedgeco at uncc.edu
Mon Feb 3 16:45:04 EST 2014 

Thanks Matt. I'll let you know if we run into any problems.

Jason

---------------------------------------------------------------------------
Jason Edgecombe | Linux and Solaris Administrator
UNC Charlotte | The William States Lee College of Engineering
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone: 704-687-1943
jwedgeco at uncc.edu | http://engr.uncc.edu |  Facebook
---------------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943.  Thank you.


-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of Matthieu Hautreux
Sent: Monday, February 03, 2014 3:47 PM
To: Jason Edgecombe
Cc: kerberos at mit.edu
Subject: Re: installing auks with torque

2014-01-20 Jason Edgecombe <jason at rampaginggeek.com>:

> Hi everyone,
>
> We're trying to set up a Linux compute cluster using torque. I would
> like the jobs to be able to access each user's AFS space by caching the
> user's Kerberos tickets/access.
>
> One solution is auks:
> http://workshop.openafs.org/afsbpw10/talks/wed_3/hautreux_kerberos_hpc.pdf
> https://github.com/hautreux/auks
>
> According to https://twiki.ppe.gla.ac.uk/bin/view/Main/TorqueAuks ,
> auks needs to be installed on the KDC, but I don't see any need for this
> based on my limited understanding of auks and a cursory glance at some
> of the auks code. As far as I can tell, auks is like multiple hosts
> sharing a ticket cache with k5start.
>

> Can anyone clarify if the auks daemon really needs to be on the KDC? I'm
> resistant to installing extra services on the KDC's.
>

Based on my understanding of what is explained on this wiki, they are using
auks on the KDC because they regularly dump all the keytabs of their users,
acquire tickets and push them to the auks daemon. It is not necessary to
put the auks daemon on the KDC, as you guessed it is a kind of distributed
credential cache with ACL enabling particular principals to get what they
want from this cache.

You could consider following the instruction of this wiki but only use auks
as a cache and replace the KDC cron logic by an automatic "auks -a" when
your users submit their jobs using torque submission CLI. (I guess that a
kind of submit prolog could do that transparently, I am not familiar with
torque).


>
> If anyone has any other ideas to pull off a job scheduler with Kerberos
> & AFS access, then I'm open to that as well.
>

Sorry, no other ideas, that is why I wrote auks and did not follow what was
going on on that subject after that :)

Regards,
Matthieu


>
> Thanks,
> Jason
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

More information about the Kerberos mailing list