[gpfsug-discuss] Question on CES Authentication - LDAP
Jonathan Buzzard
jonathan.buzzard at strath.ac.uk
Tue Oct 29 10:14:57 GMT 2019
On Mon, 2019-10-28 at 13:12 -0400, Valdis Klētnieks wrote:
> On Mon, 28 Oct 2019 14:02:57 -0000, "Oesterlin, Robert" said:
> > And by the way, stores a plain text password in the sssd.conf file
> > just for good measure!
>
> Note that if you want the system to come up without intervention, at
> best you can only store an obfuscated password, not a securely
> encrypted one.
>
Kerberos and a machine account spring to mind. Crazy, given Kerberos is
a Unix technology, that everyone seems to forget about it.

Also my understanding is that in theory a TPM module in your server can
be used for this:

https://en.wikipedia.org/wiki/Trusted_Platform_Module

Support in Linux is weak at best, but basically it can be used to store
passwords and it can be tied to the system. Locality and physical
presence being the terminology used.
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
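
Added example, not part of the original post: a small check that reads an sssd.conf and reports domains that store an LDAP bind password, shown against a simple-bind configuration and a GSSAPI bind that uses the host keytab (the machine-account approach mentioned above). Both configurations, the host names, the bind DN and the `audit` helper are constructed for illustration.

```python
import configparser

# Constructed sample: simple bind with a cleartext password, as described in the thread.
WEAK = """
[sssd]
domains = example

[domain/example]
id_provider = ldap
ldap_uri = ldaps://ldap.example.org
ldap_default_bind_dn = cn=binduser,dc=example,dc=org
ldap_default_authtok_type = password
ldap_default_authtok = NotARealPassword
"""

# Constructed sample: SASL/GSSAPI bind using the host keytab (machine account).
KEYTAB = """
[sssd]
domains = example

[domain/example]
id_provider = ldap
ldap_uri = ldap://ldap.example.org
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/ces1.example.org@EXAMPLE.ORG
ldap_krb5_keytab = /etc/krb5.keytab
"""

def audit(text):
    """Return (domain section, finding) pairs for stored LDAP bind secrets."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        sec = cp[name]
        if "ldap_default_authtok" not in sec:
            continue  # no stored bind secret, e.g. a GSSAPI/keytab bind
        # sssd treats the token as a cleartext password unless told otherwise.
        kind = sec.get("ldap_default_authtok_type", "password").strip()
        if kind == "obfuscated_password":
            findings.append((name, "obfuscated bind password (reversible)"))
        else:
            findings.append((name, "cleartext bind password"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("keytab", KEYTAB)):
        print(label, audit(cfg) or "no stored bind password")
```

The keytab is itself key material on disk, so it still needs to be readable by root only; what changes is that no reusable directory password sits in sssd.conf.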