Username/Password authentation with sdmadm

SDM user normally an X.509 certificate stored in the in a java keystore to authenticate a user against SDM daemons. However if the keystore is not accessible from host also user name password authentication can be used. The following example shows how it works:

Assume that an administrator want to know the status of the JVMs a the SDM system, however there is no keystore for the user available on the workstation. By invoking a sdmadm show_jvm you will get the following error:

% sdmadm show_jvm
Error: permission denied

With the -ppw switch the user name/password authentication is activated:

% sdmadm -ppw show_jvm
username [root] > sdm_admin
password >
name host state used_mem max_mem message
-------------------------------------------------------------------------------------------
cs_vm master STARTED 10M 113M
executor_vm node1 STARTED 2M 31M
...

The user name password authentication works only if the following requirements are fulfilled:

  1. the user name be in the SDM admin user list:
  2. % sdmadm show_admin_user
    admin_user
    ----------
    sge_admin

    Additional users can be added with sdmadm add_admin_user.

  3. SDM uses the authuser binary which comes the the Grid Engine distribution. This binary can be found at $SGE_ROOT/utilbin/<arch>. It must have the correct permissions otherwise the it will not work.
  4. % ls -l $SGE_ROOT/utilbin/sol-sparc64/authuser
    -r-s--x--x 1 root root 554760 2008-05-26 13:37 /opt/sge62/utilbin/sol-sparc64/authuser
Comments:

Post a Comment:
Comments are closed for this entry.
About

rhierlmeier

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today