[prev in list] [next in list] [prev in thread] [next in thread] 

List:       npaci-rocks-discussion
Subject:    Re: [Rocks-Discuss] Enabling hostbased authentication on Rocks.
From:       Roy Dragseth <roy.dragseth () uit ! no>
Date:       2012-05-30 8:11:42
Message-ID: 2174556.F8Rn3FAOCl () lux
[Download RAW message or body]

On Wednesday 30. May 2012 09.05.39 Adrian Sevcenco wrote:
> On 05/26/12 21:57, Roy Dragseth wrote:
> > I've been able to find a rather simple solution to the initial
> > distribution of the hostkeys.  Although not very elegant I think it takes
> > care of the security issue.
> 
> umm .. would munge help with something at this point?
> http://code.google.com/p/munge/
> 
> it is also the main auth mechanism for slurm ..
> 

I've seen munge mentioned occassionally on the torque list, but haven't had a 
chance to look into it.

BTW, I've found an even simpler solution for the problem of keeping the 
hostkeys away from prying eyes, just register the hostkeys with the 411 
service and do a 411get during <post>.  This will ensure that the hostkeys are 
in place before sshd starts on first boot after installation.  It should 
maintain the neccessary level of security, or am I missing something obvious 
again?

r.

[prev in list] [next in list] [prev in thread] [next in thread]