[Beowulf] Re: Linux cluster authenticating against multiple Active Directory domains
d.love at liverpool.ac.uk
Tue Aug 12 09:04:32 PDT 2008
Chris Samuel <csamuel at vpac.org> writes:
> My information is that it's NSS that's more the problem
> here rather than PAm, because of the assumptions it makes.
Well, the OP only talked about authentication.
> We'd prefer to steer clear of Kerberos, it introduces
> arbitrary job limitations through ticket lives that
> are not tolerable for HPC work.
> Say you submit a job that is in the queue for a week
> and then will run for 3 months - we don't know if the
> AD admins will permit the creation of a 4 month ticket
> "just in case"..
Why do you need to re-authenticate, and if you do, surely you need to
stash a credential somewhere however you do it?
More information about the Beowulf