arla , krb and ntp
Karsten Thygesen
karthy at kom.auc.dk
Tue Mar 28 19:55:57 CEST 2000
>>>>> "Esther" == Esther Filderman <ecf at psc.edu> writes:
Esther> I believe some queueing systems are AFS aware. Try NQS or
Esther> PBS. I think they are able to "pass along" an AFS token.
>> The third question is what happens if the time for a job exeedes
>> the time of the ticket ?
Esther> Exactly what you think -- the data being written cannot finish
Esther> and, if applicable, files cannot be read.
Esther> For this reason, users running large batch jobs often require
Esther> high expire time on their tokens. However, it's important to
Esther> realize the security implications of a token that's active
Esther> for, say, 250 hours.
There is a patch for PBS which will acquire a new token for jobs when
launching, renew the token while running, and remove it when
finnished. The price is, that PBS must be able to get your password,
which is does byt public/private key krypting of the password (so that
only the (root)trusted nodes have access to the private key and is
able to decrypt a file and thereby get your password in clear text
format. Not nice, but it is OK, if the nodes can be trusted.
Karsten
(building a 40 CPU/500Mhz, 10GB RAM Linux based PBS cluster with AFS support)
More information about the Arla-drinkers
mailing list