LSF Version 7.3 - Platform LSF Configuration Reference
Feature: External authentication
The external authentication feature provides a framework that enables you to integrate LSF
with any third-party authentication product—such as Kerberos or DCE Security Services—to
authenticate users, hosts, and daemons. This feature provides a secure transfer of data within
the authentication data stream between LSF clients and servers. Using external authentication,
you can customize LSF to meet the security requirements of your site.
Contents
•
About external authentication (eauth)
•
Scope
•
Configuration to enable external authentication
•
External authentication behavior
•
Configuration to modify external authentication
•
External authentication commands
About external authentication (eauth)
The external authentication feature uses an executable file called eauth. You can write an eauth executable that
authenticates users, hosts, and daemons using a site-specific authentication method such as Kerberos or DCE Security
Services client authentication. You can also specify an external encryption key (recommended) and the user account
under which eauth runs.
Important:
LSF uses an internal encryption key by default. To increase security, configure an
external encryption key by defining the parameter LSF_EAUTH_KEY in
lsf.sudoers.
During LSF installation, a default eauth executable is installed in the directory specified by the parameter
LSF_SERVERDIR in lsf.conf. The default executable provides an example of how the eauth protocol works. You
should write your own eauth executable to meet the security requirements of your cluster.
Feature: External authentication
Platform LSF Configuration Reference 17