[gpfsug-discuss] Question on CES Authentication - LDAP

Jonathan Buzzard jonathan.buzzard at strath.ac.uk
Tue Oct 29 10:14:57 GMT 2019


On Mon, 2019-10-28 at 13:12 -0400, Valdis Klētnieks wrote:
> On Mon, 28 Oct 2019 14:02:57 -0000, "Oesterlin, Robert" said:
> > And by the way, stores a plain text password in the sssd.conf file
> > just for good measure!
> 
> Note that if you want the system to come up without intervention, at
> best you can only store an obfuscated password, not a securely
> encrypted one.
> 

Kerberos and a machine account spring to mind. Crazy, given Kerberos is
a Unix technology, that everyone seems to forget about it.

Also my understanding is that in theory a TPM module in your server can
be used for this:

https://en.wikipedia.org/wiki/Trusted_Platform_Module

Support in Linux is weak at best, but basically it can be used to store
passwords and it can be tied to the system. Locality and physical
presence being the terminology used.

JAB.

-- 
Jonathan A. Buzzard                         Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
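
Added example, not part of the original message or of any project's code: a small audit that reads an sssd.conf and reports, per domain, which of the three bind-credential approaches discussed in this thread is configured (plain text password, obfuscated password, or Kerberos/GSSAPI with a keytab). The option names are those documented in sssd-ldap(5); the sample file, host names and domain names are constructed, and `classify_bind` is a hypothetical helper name.

```python
import configparser

# Constructed sample sssd.conf; values are placeholders, not real credentials.
SAMPLE = """\
[sssd]
domains = plain, obf, krb

[domain/plain]
id_provider = ldap
ldap_uri = ldap://ldap.example.org
ldap_default_bind_dn = cn=bind,dc=example,dc=org
ldap_default_authtok = CONSTRUCTED-PLACEHOLDER

[domain/obf]
id_provider = ldap
ldap_default_bind_dn = cn=bind,dc=example,dc=org
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = CONSTRUCTED-PLACEHOLDER

[domain/krb]
id_provider = ldap
ldap_sasl_mech = GSSAPI
ldap_krb5_keytab = /etc/krb5.keytab
"""

def classify_bind(text):
    """Map each [domain/NAME] section to the way its LDAP bind is authenticated."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(text)
    result = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        opts = cp[section]
        name = section[len("domain/"):]
        if "ldap_default_authtok" in opts:
            # sssd treats the token as a plain text password unless told otherwise.
            kind = opts.get("ldap_default_authtok_type", "password").strip().lower()
            result[name] = ("obfuscated-password" if kind == "obfuscated_password"
                            else "plaintext-password")
        elif opts.get("ldap_sasl_mech", "").strip().upper() == "GSSAPI":
            # Machine account: no password in sssd.conf, key material is in the keytab.
            result[name] = "kerberos-keytab"
        else:
            result[name] = "anonymous-or-unset"
    return result

if __name__ == "__main__":
    for domain, method in classify_bind(SAMPLE).items():
        print(f"{domain}: {method}")
```

With the keytab approach the secret moves out of sssd.conf but still lives on disk, so the keytab's ownership and mode need the same scrutiny as the configuration file.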




