Also Vintela VAS should work..

Anyone have first hand experience with using either centrify or vas in their cluster for user authentication?

I gather that you still have to run a lightweight ldap server on the headnode in order to have the compute nodes authenticate the user..

thoughts?

dan

-----Original Message-----
From: bioclusters-bounces+daniel.g.roberts=aventis.com at bioinformatics.org
[mailto:bioclusters-bounces+daniel.g.roberts=aventis.com at bioinformatics.org]On Behalf Of Joe Landman
Sent: Wednesday, August 23, 2006 5:15 PM
To: HPC in Bioinformatics
Subject: Re: [Bioclusters] pointers on cluster integration with MS activedirectory environments

www.centrify.com

Chris Dagdigian wrote:
>
> Hi folks,
>
> Figured I'd ask here before trying the beowulf list ...
>
> I'm working with an organization that will be deploying a midsized life
> science oriented cluster in the next few months. This group is in the
> business of making new products, selling products and
> discovering/developing new products -- the message from the top down is
> that IT is a tool that they need to be able to use effectively but they
> don't want to be in the position of designing, managing and deploying
> lots of custom/complex or one-off IT solutions.
>
> This means that their IT systems tend to be well designed, extremely
> well documented and focused on ease-of-maintenance. In many cases the
> solutions are designed with an eye towards handing off the day to day
> operation/management to a 3rd party infrastructure/operations provider
> or contractor.
>
> The organization already has a robust and well-managed directory
> services infrastructure based on MS Windows and Active Directory. There
> is *strong* interest in extending this directory service into the realm
> of the biocluster so that they don't have to roll out and manage a
> totally separate access scheme for cluster users.
>
> I've done enough work in the lab with AD, LDAP and Kerberos to know that
> Linux+Kerberos can usually play nicely and authenticate against Active
> Directory servers but I have not personally done this further than
> simple experimentation on test systems. Getting a single Linux box to
> authenticate against the domain is one thing; integrating 80+ linux
> boxes is something different.
>
> Have people on this list done Active Directory integration with full
> clusters? I'm interested in all pointers, war stories, product/vendor
> recommendations etc. that people would be willing to share. Of
> particular concern to me is how to bring the directory/authentication
> info into the private cluster network so the compute nodes can make use
> of it -- some methods involve password synchronization and others seem
> to involve bringing an AD server directly onto the cluster network.
> Only a few of the commercial Linux/Active Directory integration
> offerings seem to promise "minimal or zero" configuration changes on the
> actual domain server (a key point as I doubt we'll be allowed to mess
> with the domain servers much themselves).
>
> I'll summarize any responses and can tell y'all how the project went
> sometime next year!
>
> Regards,
> Chris
>
> _______________________________________________
> Bioclusters maillist - Bioclusters at bioinformatics.org
> https://bioinformatics.org/mailman/listinfo/bioclusters

--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web  : http://www.scalableinformatics.com
phone: +1 734 786 8423
fax  : +1 734 786 8452 or +1 866 888 3112
cell : +1 734 612 4615