[OpenAFS] batch/cron jobs writing to afs file systems
Tue, 24 Apr 2012 18:00:02 +0200 (CEST)
> Thanks, that makes things clearer.
Glad to be of some help.
> Am I right in thinking that for a batch system each node would need to
> contact the auks server when a job started and request a kerberos TGT
> for the account the job was running under? i.e. the auks server would
> have to trust the requests it was getting from these nodes?
I don't know on what basis the jobstart and the auksd decide that the
node now "needs" a TGT. Maybe someone who knows can comment on that. I
would rather do a normal ticket forwarding (involving the KDC) to all
compute nodes from some master. I think the KDC should be able to cope
or get a dedicated KDC slave for that cluster.