Joshua Baker-LePain <j...@salilab.org> writes: >> I fixed that in https://arc.liv.ac.uk/trac/SGE/log/sge/source?rev=4928 >> after I bumped into it in containers. It would be helpful to others if >> people could report bugs on the tracker, though someone did that one >> recently. > > That was me. :)
OK, thanks! I will try to get out a release with this and other fixes, but I can't properly test these days. >> If I was adminning a cluster -- so probably not needing to protect the >> communication -- I'd use MUNGE authentication now. It's easier than >> CSP. > > My use case for CSP is that I have groups who want every user desktop > to be a submit host. My trust in those desktops is limited since the > users have physical access to them. With CSP I can give that group > the certs only for their users. That way if a host gets compromised > they can only imitate another user from the group, not any cluster > user (or sge or root). > > IOW, with MUNGE you implicitly trust a host. With CSP you can trust > on a more granular level, which I find highly useful. Right. I was assuming "cluster" with just integrated login nodes, which is what MUNGE is for, of course. _______________________________________________ SGE-discuss mailing list SGE-discuss@liv.ac.uk https://arc.liv.ac.uk/mailman/listinfo/sge-discuss
