I realise not helpful with Lustre but we are using NFSv4 with krb5p mounts
to encrypt in flight.
Also AUKS to make the Kerberos tickets available to the compute nodes, an
idea from CERN.
All our nodes are AD integrated, so if the user is authenticated by AD they
can access the data, and not other
ck
it for viewing final results.
From: slurm-users on behalf of Michał
Kadlof
Date: Friday, December 17, 2021 at 4:41 PM
To: slurm-users@lists.schedmd.com
Subject: Re: [slurm-users] work with sensitive data
External Email Warning
This email originated from outside the university. Please use ca
On 15.12.2021 10:29, Hermann Schwärzler wrote:
We are currently looking into telling our users to use EncFS
(https://en.wikipedia.org/wiki/EncFS) for this.
This looks good to me. However it looks like it still require
interactive job to provide password manually. Would be great if anyone
cou
> One of the open problems is a way to provide the password for
mounting the encrypted directory inside a slurm-job. But this should be
solvable.
I'd be really interested to hear more about the mechanism to distribute
credentials across compute nodes in secure way, especially if we're
using f
Hi Michał,
hi everyone,
we are having similar issues looming at the horizon (sensitive medical
and human genetic data). :-)
We are currently looking into telling our users to use EncFS
(https://en.wikipedia.org/wiki/EncFS) for this. As it is a filesystem in
user-space unprivileged users can
Hi,
some of my users work with "sensitive data". Currently we use standard
unix groups with ACLs to limit access but I wonder if there is any way
to keep data encrypted (for example with gpg) and decrypt them "on the
fly" in Slurm job and then encrypt the results again after the job is
finish
