[mvapich-discuss] Disable interactive login to compute node

Satoshi Isono isono at cray.com
Tue Jul 14 00:28:07 EDT 2009 

Dear Guangyu,

Thanks for your advice. From your view, I am interested in WMS. Is WMS
contained in latest PBS pro package? Can we use WMS on other job
scheduler like Sun Grid Engine?

Regards,
Satoshi Isono

-----Original Message-----
From: henry.wuguangyu at gmail.com [mailto:henry.wuguangyu at gmail.com] On
Behalf Of Guangyu Wu
Sent: Monday, July 13, 2009 3:15 PM
To: Satoshi Isono; Bill Barth; mvapich-discuss at cse.ohio-state.edu
Subject: Re: [mvapich-discuss] Disable interactive login to compute node

Hello:
This has been a common security/management issue raised by admins.
Not sure if anyone has addressed it without using a WMS.
The latest version of PBS Pro provides a way around where the
methodology is simple, I.e, having the WMS daemon on nodes scanning
processes owner, if the owner doesn't has a job (submitted thru WMS)
running then kill the processes. This way even reomote login is not
possible.
Of course some exception are there, e.g. User can login a node during
the time his job is running there. Admins can except some users who is
not limited by this behavior.
HTH
Henry, Wu



On 7/13/09, Satoshi Isono <isono at cray.com> wrote:
> Hello Bill, everyone,
>
> Sorry, this issue may not be a MVAPICH article. Please let me have
your
> opinion on this.
>
> The background is I use MVAPICH based on SSH authorization. And the
> number of users is more one thousand. In order to run MPI, I have done
> SSH setting. As a result of my configuration, SSH login between
compute
> nodes does not need password. As we know, this is general setting for
> MPI run environment.
>
> On the other hand, anyone who has an account on compute node has done
> login for arbitrary nodes. This action is not cared from system
security
> side. I think we should consider that all users aren't able to login
> during other users job running.
>
> My concern is how everyone control such as operations. I know this may
> depend on the system policy. On big system site like a TACC, how is
this
> restricted?
>
> For example, before/after running MPI, to set available user, we are
> able to edit password file, automatically?
>
> Best regards,
> Satoshi Isono
>
>
> _______________________________________________
> mvapich-discuss mailing list
> mvapich-discuss at cse.ohio-state.edu
> http://mail.cse.ohio-state.edu/mailman/listinfo/mvapich-discuss
>

More information about the mvapich-discuss mailing list