[gpfsug-discuss] ssh authentication on CES nodes
Jonathan Buzzard
jonathan.buzzard at strath.ac.uk
Mon Jul 22 23:41:32 BST 2024
On 22/07/2024 14:53, Talamo Ivano Giuseppe wrote:
> Dear all,
>
> I have a question regarding the CES service, aka protocol nodes.
> Our CES cluster is configured with the AD authentication and,
> accordingly to the documentation [1], SSSD should not be running on the
> CES nodes. For us that's quite annoying, since we can't login with our
> personal/central accounts and then sudo.
> Neither we can use winbind, since samba-winbind-modules package (that
> provides the necessary PAM module) conflicts with the gpfs.smb package.
> We will probably end up creating one or more local accounts and using
> ssh keys for access.
> But I wonder if someone with a similar problem found a better workaround.
>
Install on Ubuntu and use local accounts with libpam-krb5?
Use local accounts and pam_krb5 from EPEL on RHEL8/9?
From what I can make out with experimentation you don't actually have
to use SSSD on RHEL8+. Wish I had known that three years ago because
frankly SSSD as shipped with RHEL8 is not ready to take over from pam_krb5
JAB.
--
Jonathan A. Buzzard Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG
More information about the gpfsug-discuss
mailing list