none
Kerberos Authentication for Job Scheduler RRS feed

  • Question

  • I hope someone here can help me with an issue my company is having.  We have a 4 node cluster set up in our datacenter and it is registered in Active Directory.  When users submit a job from their workstations around the building, they are prompted to log in to the head node before their job officially goes through.

    The issue is that our company has been working to eliminate passwords and many of the employees who need access to the program do not have logins at this time (we have been created some in the meantime while working to find a permanent solution).  Our company has smart badges so that when a user inserts it into their computer at logon, all they need to provide is a 4 digit PIN and then they are authenticated.  Most of our other software takes this Kerberos ticket and uses it as a pass through authentication, such as having the company homepage automatically detect your and let you see your sensitive information without entering a password.  We ran Wireshark to examine the network traffic, and it looks as though CCS does not even try to look for a Kerberos authentication, it simply defaults automatically to NTML.  We want to know if there is a way to get CCS to use this pass through authentication to send to the cluster. 

    We are using the older version of CCS on Windows 2003 x64 and have not yet tried any of the betas for HPC 2008.  Would there be any additional changes in it that would help us?

    Thanks for any help.  I will answer any questions you have that may help you find a solution.
    Friday, May 16, 2008 7:28 PM

Answers

  • Hi Erick,

    Unfortunately there are no changes in this regard in version 2.  We still use the Username/Password to log the user in to the compute node for job execution.  So while users can use Kerberos to connect to the cluster, they must provide a Username/Password with which their job can run.

     

    We are aware that there are an increasing number of customers using smartcard authentication and are looking into a solution for version 3.

     

    In the meantime, it may be possible to craft a solution using some sort of user account mapping or using service accounts, but I understand that this is not ideal.

     

    Thanks,
    Josh

    Thursday, May 22, 2008 8:24 AM
    Moderator

All replies

  • Hi Erick,

    Unfortunately there are no changes in this regard in version 2.  We still use the Username/Password to log the user in to the compute node for job execution.  So while users can use Kerberos to connect to the cluster, they must provide a Username/Password with which their job can run.

     

    We are aware that there are an increasing number of customers using smartcard authentication and are looking into a solution for version 3.

     

    In the meantime, it may be possible to craft a solution using some sort of user account mapping or using service accounts, but I understand that this is not ideal.

     

    Thanks,
    Josh

    Thursday, May 22, 2008 8:24 AM
    Moderator
  • Josh,
      Hi there, it's been over 1 year; I'm a member of Erick's team and am wondering if there has been any new progress on pass-through authentication with smartbadge with version 3?

    Thanks,
    Mike
    Tuesday, April 21, 2009 7:04 PM