[Beowulf] Re: Linux cluster authenticating against multiple Active Directory domains

Dave Love d.love at liverpool.ac.uk
Tue Aug 12 09:04:32 PDT 2008

Chris Samuel <csamuel at vpac.org> writes:

> My information is that it's NSS that's more the problem
> here rather than PAm, because of the assumptions it makes.

Well, the OP only talked about authentication.

> We'd prefer to steer clear of Kerberos, it introduces
> arbitrary job limitations through ticket lives that
> are not tolerable for HPC work.
> Say you submit a job that is in the queue for a week
> and then will run for 3 months - we don't know if the
> AD admins will permit the creation of a 4 month ticket
> "just in case"..

Why do you need to re-authenticate, and if you do, surely you need to
stash a credential somewhere however you do it?

More information about the Beowulf mailing list