----- "Dave Love" <[EMAIL PROTECTED]> wrote: > Chris Samuel <[EMAIL PROTECTED]> writes: > > > My information is that it's NSS that's more the problem > > here rather than PAm, because of the assumptions it makes. > > Well, the OP only talked about authentication.
I was the OP. ;-) To clarify, we'd need to both auth and do NSS lookups against the two AD systems. > > We'd prefer to steer clear of Kerberos, it introduces > > arbitrary job limitations through ticket lives that > > are not tolerable for HPC work. > > Why do you need to re-authenticate, If I create a 3 month long Kerberos ticket, and my PBS job will run for 3 months but ends up waiting in the queue for 2 weeks before it can start due to demand then that ticket will have expired before the job can complete. Now, if I don't do anything that requires further re-authentication then it'll probably be OK. But if I do, then it may not work.. > and if you do, surely you need to stash a credential > somewhere however you do it? The GSSAPI branch of Torque will cache the ticket for you, but (AFAIK) cannot extend the life of it. But it's academic anyway as I don't think that branch is usable in production currently. cheers, Chris -- Christopher Samuel - (03) 9925 4751 - Systems Manager The Victorian Partnership for Advanced Computing P.O. Box 201, Carlton South, VIC 3053, Australia VPAC is a not-for-profit Registered Research Agency _______________________________________________ Beowulf mailing list, Beowulf@beowulf.org To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
