[slurm-users] slumrestd | configuration of authorization
Stephen Said
stephen.said at henkel.com
Wed Mar 25 09:53:05 UTC 2020
Dear all,
I am uncertain how to properly configure slurmrestd to just validate JWTs and do not use other mechanisms.
My setup and observations:
* I use slurm 20.02: https://download.schedmd.com/slurm/slurm-20.02.0.tar.bz2
* I start it with systemd under root-user as follows: slurmrestd -f /etc/slurm/slurm.conf -u slurmrestd -g users 0.0.0.0:8080 -vvvvvvvv
* Env-variable SLURM_JWT is not populated
* Slurm.conf contains:
* AuthType=auth/munge
AuthAltTypes=auth/jwt
* Observations:
* I can pass invalid tokens via X-SLURM-USER-TOKEN and still get results and no 401
* slumrestd writes at startup:
* debug3: init_rest_auth: AUTH_TYPE_LOCAL activated
* debug3: init_rest_auth: AUTH_TYPE_USER_PSK activated
What might be flawed with my config? How to just use JWT-Tokens for auth and reject request in case of invalid tokens?
I have the feeling as if the JWT-Validation is still bypassed.
Thanks in advance,
Stephen
Henkel AG & Co. KGaA
Sitz: 40191 Düsseldorf, Deutschland
Handelsregister: Amtsgericht Düsseldorf, HRB 4724
Vorsitzende des Aufsichtsrats: Dr. Simone Bagel-Trah
Persönlich haftende Gesellschafterin:
Henkel Management AG
Sitz: 40191 Düsseldorf; Deutschland
Handelsregister: Amtsgericht Düsseldorf, HRB 58139
Aufsichtsratsvorsitzende: Dr. Simone Bagel-Trah
Vorstand: Carsten Knobel (Vorsitzender),
Jan-Dirk Auris, Sylvie Nicol,
Bruno Piacenza, Jens-Martin Schwärzler, Marco Swoboda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schedmd.com/pipermail/slurm-users/attachments/20200325/4a0c0cad/attachment.htm>
More information about the slurm-users
mailing list