[OpenAFS] batch/cron jobs writing to afs file systems

Harald Barth haba@kth.se
Tue, 24 Apr 2012 18:00:02 +0200 (CEST)

>> http://workshop.openafs.org/afsbpw10/wed_3_2.html
> Thanks, that makes things clearer.

Glad to be of some help.

> Am I right in thinking that for a batch system each node would need to
> contact the auks server when a job started and request a kerberos TGT
> for the account the job was running under? i.e. the auks server would
> have to trust the requests it was getting from these nodes?

I don't know on what basis the jobstart and the auksd decide that the
node now "needs" a TGT. Maybe someone who knows can comment on that. I
would rather do a normal ticket forwarding (involving the KDC) to all
compute nodes from some master. I think the KDC should be able to cope
or get a dedicated KDC slave for that cluster.