Joe Landman <[EMAIL PROTECTED]> writes: >> Isn't it a common practice in HPC to keep security rules relatively >> relaxed *inside* a cluster (passwordless logins between compute >> nodes for instance), whilst trying to harden the links to the >> external world? > > Yes. Leave the window wide open while bolting the door tight ... :(
I don't think that's "leaving the window open" since there is no window. If the only way to get to the cluster network is through a head node that is actually secure, then it is just fine to treat the cluster network as if it were the backplane of a single box and leave the cluster nodes fairly open. The head node can dispatch arbitrary jobs to all the boxes anyway, and once you've got code running on a box you can often break root anyway. One has to be reasonable about these things. Perry -- Perry E. Metzger [EMAIL PROTECTED] _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
