----- "Dave Love" <[EMAIL PROTECTED]> wrote:

> Having completely separate ADs for staff and students seems odd... 

Yeah, I think they're wishing they'd not done that now.. :-)

> Why doesn't it work to have two `sufficient' cases
> of pam_ldap with different `config' args pointing
> to different servers?

My information is that it's NSS that's more the problem
here rather than PAM, because of the assumptions it makes.

> However, LDAP isn't an authentication protocol.  Use
> Kerberos for authentication.

We'd prefer to steer clear of Kerberos, it introduces
arbitrary job limitations through ticket lives that
are not tolerable for HPC work.

Say you submit a job that is in the queue for a week
and then will run for 3 months - we don't know if the
AD admins will permit the creation of a 4 month ticket
"just in case"..

There's also the fact that Torque doesn't have GSSAPI
support in the mainline versions yet and what I hear
about the GSSAPI branch implies that it is just for
testing and development at present.

cheers,
Chris
-- 
Christopher Samuel - (03) 9925 4751 - Systems Manager
 The Victorian Partnership for Advanced Computing
 P.O. Box 201, Carlton South, VIC 3053, Australia
VPAC is a not-for-profit Registered Research Agency
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit 
http://www.beowulf.org/mailman/listinfo/beowulf
