[slurm-users] pam_slurm_adopt not working for all users
loris.bennett at fu-berlin.de
Thu May 27 08:24:41 UTC 2021
Ole Holm Nielsen <Ole.H.Nielsen at fysik.dtu.dk> writes:
> Hi Loris,
> On 5/27/21 8:19 AM, Loris Bennett wrote:
>> Regarding keys vs. host-based SSH, I see that host-based would be more
>> elegant, but would involve more configuration. What exactly are the
>> simplification gains you see? I just have a single cluster and naively I
>> would think dropping a script into /etc/profile.d on the login node
>> would be less work than re-configuring SSH for the login node and
>> multiple compute node images.
> IMHO, it's really simply to setup hostbased SSH authentification:
Your explanation is very clear, but it still seems like quite a few
steps with various gotchas, like the fact that, as I understand it,
shosts.equiv has to contain all the possible ways a host might be
addressed (short name, long name, IP).
> This is more secure on Linux clusters, and you don't need to configure users'
> SSH keys, so it requires less configuration for the sysadmin in the long run.
It is not clear to me what the security advantage is and setting up the
keys it just one script in /etc/profile.d. Regarding the long term, the
keys which were set up on our old cluster were just migrated to the new
cluster and still work, so it is also a one-time thing.
I assume I must be missing something.
Dr. Loris Bennett (Hr./Mr.)
ZEDAT, Freie Universität Berlin Email loris.bennett at fu-berlin.de
More information about the slurm-users