[slurm-users] Remote submission hosts and security

Chris Samuel chris at csamuel.org
Thu Dec 7 04:37:42 MST 2017


On Wednesday, 6 December 2017 8:27:08 AM AEDT Jeff White wrote:

> I have a need to allow a server which is outside of my cluster access to
> submit jobs to the cluster.  I can do that easily enough by handing my
> Slurm RPMs, config, and munge key to the owner of that server and opening
> access in my firewall.  However, since it is a system outside of my control
> the owner of it can become root (or impersonate any user they wish) and
> gain full control of Slurm.  Obviously that's not good.

They would also need to be using your LDAP as well to have common usernames 
and UIDs to keep munge and the Slurm utilities happy.

> Are there any mechanisms for allowing a remote host to submit jobs but not
> have any administrative access to Slurm?

This sounds like the sort of problem that tools like Globus were designed to 
solve, where you use X.509 certificates to attest who a user is and they can 
create a short-lived proxy to accompany a job to take action on their behalf.  
These days some of this has reappeared as "cilogin" from InCommon (still seems 
to be using MyProxy for X.509 certs from users' federated auth provider):

https://www.incommon.org/

Really I think Slurm (and munge) assume that they are all within a common 
administrative boundary and if you need to go beyond that then you want to 
start looking at providing an API that you control to remote services using 
some sort of federated authentication as above.

Basically the problem you've got is a large part of why grid computing (as in 
Globus etc) got going - how to solve this sort of thing securely.

Best of luck,
Chris
-- 
 Chris Samuel  :  http://www.csamuel.org/  :  Melbourne, VIC
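
The "API that you control" idea from the reply above, as an added sketch that is not part of the original post or of Slurm: a gateway inside the cluster's administrative boundary verifies an identity assertion, maps it to a local account itself, and builds the `sbatch` command, so the remote host never holds the munge key. The HMAC token stands in for a real federated assertion (X.509 proxy or similar), and the key, identity map, partition name and spool path are all constructed assumptions.

```python
import base64, hashlib, hmac, json, re

# All values below are constructed for this sketch; none come from the post.
IDP_KEY = b"constructed-demo-key"  # stand-in for verifying a federated assertion
IDENTITY_MAP = {"alice@remote.example": "alice"}  # federated id -> local account
DENIED_LOCAL = {"root", "slurm"}   # accounts the gateway never submits as
ALLOWED_PARTITIONS = {"general"}
MAX_MINUTES = 240
SPOOL = "/srv/gateway/spool/"      # hypothetical directory of uploaded scripts

def sign(claims):
    """Issue a token. Done by the identity provider, never by the remote host."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac

def verify(token, now):
    """Return the claims if the MAC is valid and the token has not expired."""
    body, _, mac = token.partition(".")
    expected = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= now:
        raise PermissionError("token expired")
    return claims

def build_submit_argv(token, request, now):
    """Authorize one request and return the argv the gateway itself would run."""
    claims = verify(token, now)
    # The local account comes only from the verified identity, never from
    # anything the remote host puts in the request body.
    local_user = IDENTITY_MAP.get(claims["sub"])
    if local_user is None or local_user in DENIED_LOCAL:
        raise PermissionError("no permitted local account")
    if request["partition"] not in ALLOWED_PARTITIONS:
        raise PermissionError("partition not allowed")
    minutes = int(request["minutes"])
    if not 0 < minutes <= MAX_MINUTES:
        raise PermissionError("time limit out of range")
    if not re.fullmatch(r"[A-Za-z0-9_-]+\.sh", request["script"]):
        raise PermissionError("script name not allowed")
    return ["sudo", "-n", "-u", local_user, "sbatch", "--parsable",
            f"--partition={request['partition']}", f"--time={minutes}",
            SPOOL + request["script"]]
```
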