LSF Version 7.3 - Administering Platform LSF
Authentication and Authorization
the $HOME/.rhosts file. Include the name of the local host in both files. This
additional level of authentication works in conjunction with eauth, privileged
ports (setuid), or identd authentication.
CAUTION: Using the /etc/hosts.equiv and $HOME/.rhosts files grants permission to use
the rlogin and rsh commands without requiring a password.
Strict checking protocol in an untrusted environment
To improve security in an untrusted environment, the primary LSF administrator
can enable the use of a strict checking communications protocol. When you define
LSF_STRICT_CHECKING in lsf.conf, LSF authenticates messages passed between
LSF daemons and between LSF commands and daemons. This type of
authentication is not required in a secure environment, such as when your cluster
is protected by a firewall.
IMPORTANT: You must shut down the cluster before adding or deleting the
LSF_STRICT_CHECKING parameter.
Authentication failure
If authentication fails (the user’s identity cannot be verified), LSF displays the
following error message after a user issues an LSF command:
User permission denied
This error has several possible causes depending on the authentication method
used.
Authorization options
Operating system authorization
By default, an LSF job or command runs on the execution host under the user
account that submits the job or command, with the permissions associated with
that user account. Any UNIX or Windows user account with read and execute
permissions for LSF commands can use LSF to run jobs—the LSF administrator
does not need to define a list of LSF users. User accounts must have the operating
system permissions required to execute commands on remote hosts. When users
have valid accounts on all hosts in the cluster, they can run jobs using their own
account permissions on any execution host.
| Authentication method | Possible cause of failure |
|---|---|
| eauth | External authentication failed |
| identd | The identification daemon is not available on the local or submitting host |
| setuid | The LSF applications are not installed setuid |
| | The NFS directory is mounted with the nosuid option |
| ruserok | The client (local) host is not found in either the /etc/hosts.equiv or the $HOME/.rhosts file on the master or remote host |
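
The setuid and ruserok causes listed for the "User permission denied" error can be checked locally on a host. The shell functions below are an added example, not part of the LSF documentation or product; the binary path, the mounts table (in /proc/mounts format) and the host name are supplied by the caller, and the host check is a plain text match on the first field of each line, not a reimplementation of ruserok.

```shell
#!/bin/sh
# Added example: local checks for the setuid and ruserok failure causes.
# All paths are caller-supplied; nothing here is an LSF command or LSF path.

# Succeeds if FILE ($1) has the setuid bit set.
has_setuid() { [ -u "$1" ]; }

# Succeeds if the mount covering PATH ($1) carries the nosuid option.
# $2 is a mounts table in /proc/mounts format (default: /proc/mounts).
on_nosuid_mount() {
    awk -v p="$1" '
        { mp = $2; n = length(mp)
          # A mount point covers p if it is "/", equals p, or is a directory prefix of p.
          covers = (mp == "/" || p == mp || substr(p, 1, n + 1) == (mp "/"))
          # Longest matching mount point wins; a later entry overrides an equal one.
          if (covers && n >= best) { best = n; opts = $4 }
        }
        END { exit ((("," opts ",") ~ /,nosuid,/) ? 0 : 1) }
    ' "${2:-/proc/mounts}"
}

# Succeeds if HOST ($1) is the first field of a line in any of the remaining
# arguments (for example /etc/hosts.equiv and $HOME/.rhosts).
# Unreadable or missing files are skipped.
host_listed() {
    host=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v h="$host" '$1 == h { found = 1 } END { exit !found }' "$f" && return 0
    done
    return 1
}

# Prints each setuid-related cause that applies to binary $1
# (mounts table $2 is optional).
setuid_causes() {
    has_setuid "$1" || echo "not installed setuid: $1"
    if on_nosuid_mount "$1" "$2"; then echo "mounted nosuid: $1"; fi
}
```

Run `setuid_causes` against each installed command binary and `host_listed "$(hostname)" /etc/hosts.equiv "$HOME/.rhosts"` on the master or remote host; no output from the first and a zero exit status from the second rule out those two rows.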