Joshua Baker-LePain <j...@salilab.org> writes:

>> I fixed that in https://arc.liv.ac.uk/trac/SGE/log/sge/source?rev=4928
>> after I bumped into it in containers.  It would be helpful to others if
>> people could report bugs on the tracker, though someone did that one
>> recently.
>
> That was me.  :)

OK, thanks!  I will try to get out a release with this and other fixes,
but I can't properly test these days.

>> If I was adminning a cluster -- so probably not needing to protect the
>> communication -- I'd use MUNGE authentication now.  It's easier than
>> CSP.
>
> My use case for CSP is that I have groups who want every user desktop
> to be a submit host.  My trust in those desktops is limited since the
> users have physical access to them.  With CSP I can give that group
> the certs only for their users.  That way if a host gets compromised
> they can only imitate another user from the group, not any cluster
> user (or sge or root).
>
> IOW, with MUNGE you implicitly trust a host.  With CSP you can trust
> on a more granular level, which I find highly useful.

Right.  I was assuming "cluster" with just integrated login nodes, which
is what MUNGE is for, of course.
_______________________________________________
SGE-discuss mailing list
SGE-discuss@liv.ac.uk
https://arc.liv.ac.uk/mailman/listinfo/sge-discuss

Reply via email to