It may not be the same subject, but does using Kerberos help with user worries about security?
Sent from my iPhone

On May 22, 2012, at 12:15 PM, Stuart Barkley <[email protected]> wrote:

> On Fri, 18 May 2012 at 04:27 -0000, Beat Rubischon wrote:
>
>> On 17.05.12 18:51, Rayson Ho wrote:
>>> Just want to understand your use case, what is the main reason you
>>> use the CSP mode??
>>
>> Security. The queuemaster fully trusts the username sent by the
>> client binaries over the wire. You do not even have to reverse engineer
>> the somewhat ugly protocol spoken by the Grid Engine - a simple
>> LD_PRELOAD with an override of getuid() and getgid() is enough to
>> run jobs under the ownership of a different user (even root). It
>> took me about an hour to exploit a Grid Engine and I'm quite a bad
>> "hacker". Assuming you have a cluster where more than a handful of
>> fully trusted people are working, you need to use CSP.
>>
>> Everything is better than the standard "security" used in Grid
>> Engine. Even port based authentication in NFS and RSH offers more
>> security.
>
> I asked the original question about use of CSP.
>
> This was an informative message. I've trimmed some other good
> information from it, but this portion confirms what I thought was the
> case with Grid Engine.
>
> It seems that CSP mode is the only current way to run a reasonably
> secure Grid Engine configuration. For some definition of "reasonably
> secure"... (see below for mine).
>
> In April, there was a flap over a security issue in Grid Engine, but
> there are more fundamental flaws in the default security that most
> installations appear to use (i.e. not using CSP mode).
>
> It isn't a bad idea to improve underlying security when possible and
> the LD_LIBRARY_PATH/LD_PRELOAD issues are good to be fixed.
>
> For our clusters CSP mode seems to be overkill and administratively
> heavy. It's been a while since I looked at CSP mode, but like many
> certificate based systems I've seen, it lacks any functional
> revocation model. (I may be wrong, let me know.)
>
> Our clusters run on isolated networks with all of the systems under
> single administrative control. I would like to see some other
> simpler security model (using reserved ports, munge or even system
> certificates instead of user certificates).
>
> We are still running 6.2u5 but are starting to evaluate alternatives.
> Addressing host based security will be a requirement, especially for
> any purchased product.
>
> Stuart
> --
> I've never been lost; I was once bewildered for three days, but never lost!
> -- Daniel Boone
> _______________________________________________
> users mailing list
> [email protected]
> https://gridengine.org/mailman/listinfo/users
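
Added example (not part of the thread and not Grid Engine or MUNGE code): a sketch of the simpler host-trust model raised above, in which the master ignores the uid a client claims and accepts only a uid carried in a credential signed by a trusted local daemon. The key, field names and function names are assumptions, and the credential layout is not MUNGE's actual format.

```python
import base64, hashlib, hmac, json

# Constructed demo key; stands in for a root-only key shared by all cluster hosts.
# Any host holding it can vouch for any uid, so this fits only the single
# administrative domain described in the thread.
CLUSTER_KEY = b"constructed-demo-key"
MAX_AGE = 300  # seconds a credential stays valid (assumed value)

def naive_accept(request):
    """Default-mode behaviour described in the thread: believe the uid the client sent."""
    return request["uid"]

def mint_credential(real_uid, host, now, key=CLUSTER_KEY):
    """Hypothetical trusted local daemon. real_uid must come from the kernel
    (e.g. SO_PEERCRED on a Unix socket), never from the client's own getuid()."""
    body = json.dumps({"uid": real_uid, "host": host, "ts": now}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(tag).decode()

def verify_credential(cred, now, seen, key=CLUSTER_KEY):
    """Hypothetical master-side check: return the authenticated uid or raise ValueError."""
    b64_body, b64_tag = cred.split(".")  # ValueError if the credential is malformed
    body = base64.b64decode(b64_body, validate=True)
    tag = base64.b64decode(b64_tag, validate=True)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: credential was not minted with the cluster key")
    claims = json.loads(body)
    if abs(now - claims["ts"]) > MAX_AGE:
        raise ValueError("credential expired")
    if cred in seen:
        raise ValueError("credential replayed")
    seen.add(cred)
    return claims["uid"]

def hardened_accept(request, now, seen):
    """Ignore request['uid']; the job owner is whatever the credential proves."""
    return verify_credential(request["cred"], now, seen)

if __name__ == "__main__":
    seen = set()
    cred = mint_credential(1001, "node01", now=1000)  # constructed sample values
    request = {"uid": 0, "cred": cred}                # client misreports its uid
    print("naive owner:", naive_accept(request))
    print("hardened owner:", hardened_accept(request, 1010, seen))
```

The replay set and timestamp window limit reuse of a captured credential; they do not address revocation of a compromised host key, which still requires rekeying the cluster.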
