On Jun 16, 2007, at 2:54 AM, Ketan C Maheshwari wrote:
As far as I have understood all the options have risk. Isn't the credential delegation per-service or (if finer control and more security is needed) per-method is 'the' safest option.
How would the container use that delegated credential to perform a qsub as some other user? How does the delegated credential enable the container to read a file that is read-only to another account? Even if you use delegated credentials, there are still things that we want to do that require access to other accounts.
Charles
