Thanks Matt. I'll let you know if we run into any problems. Jason
--------------------------------------------------------------------------- Jason Edgecombe | Linux and Solaris Administrator UNC Charlotte | The William States Lee College of Engineering 9201 University City Blvd. | Charlotte, NC 28223-0001 Phone: 704-687-1943 jwedg...@uncc.edu | http://engr.uncc.edu | Facebook --------------------------------------------------------------------------- If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone at 704-687-1943. Thank you. -----Original Message----- From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of Matthieu Hautreux Sent: Monday, February 03, 2014 3:47 PM To: Jason Edgecombe Cc: kerberos@mit.edu Subject: Re: installing auks with torque 2014-01-20 Jason Edgecombe <ja...@rampaginggeek.com>: > Hi everyone, > > We're trying to set up a Linux compute cluster using torque. I would > like the jobs to be able to access each user's AFS space by caching the > user's Kerberos tickets/access. > > One solution is auks: > http://workshop.openafs.org/afsbpw10/talks/wed_3/hautreux_kerberos_hpc.pdf > https://github.com/hautreux/auks > > According to https://twiki.ppe.gla.ac.uk/bin/view/Main/TorqueAuks , > auks needs to be installed on the KDC, but I don't see any need for this > based on my limited understanding of auks and a cursory glance at some > of the auks code. As far as I can tell, auks is like multiple hosts > sharing a ticket cache with k5start. > > Can anyone clarify if the auks daemon really needs to be on the KDC? I'm > resistant to installing extra services on the KDC's. > Based on my understanding of what is explained on this wiki, they are using auks on the KDC because they regularly dump all the keytabs of their users, acquire tickets and push them to the auks daemon. It is not necessary to put the auks daemon on the KDC, as you guessed it is a kind of distributed credential cache with ACL enabling particular principals to get what they want from this cache. You could consider following the instruction of this wiki but only use auks as a cache and replace the KDC cron logic by an automatic "auks -a" when your users submit their jobs using torque submission CLI. (I guess that a kind of submit prolog could do that transparently, I am not familiar with torque). > > If anyone has any other ideas to pull off a job scheduler with Kerberos > & AFS access, then I'm open to that as well. > Sorry, no other ideas, that is why I wrote auks and did not follow what was going on on that subject after that :) Regards, Matthieu > > Thanks, > Jason > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos