On 22/07/2024 14:53, Talamo Ivano Giuseppe wrote:
Dear all,
I have a question regarding the CES service, aka protocol nodes.
Our CES cluster is configured with the AD authentication and,
accordingly to the documentation [1], SSSD should not be running on the
CES nodes. For us that's quite annoying, since we can't login with our
personal/central accounts and then sudo.
Neither we can use winbind, since samba-winbind-modules package (that
provides the necessary PAM module) conflicts with the gpfs.smb package.
We will probably end up creating one or more local accounts and using
ssh keys for access.
But I wonder if someone with a similar problem found a better workaround.
Install on Ubuntu and use local accounts with libpam-krb5?
Use local accounts and pam_krb5 from EPEL on RHEL8/9?
From what I can make out with experimentation you don't actually have
to use SSSD on RHEL8+. Wish I had known that three years ago because
frankly SSSD as shipped with RHEL8 is not ready to take over from pam_krb5
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at gpfsug.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org