Hi Fokke,
I have to disagree and suggest that these fixes are included in yaim.
The yaim installation should at least aspire to be Secure By Default.
That is, if I follow the yaim instructions to the letter, when
installing a grid site, including the yaim torque installation, I should
be able to expect that this installation does not contain known and
fixable security vulnerabilities.
As I understand it, yaim gives a default installation for a 'typical'
site. This installation is achieved by simple, uncomplicated bash
scripts which can be easily understood by site admins. If a site has a
reason to move away from the default installation, it is assumed they
have the expertise to understand the yaim installation and what they
must do to change it to match their local conditions. Included in this
must be to understand for themselves the security implications of their
changes. If the site admin wants to review the security of the yaim
installation and improve (or relax) this according to their own
policies, then good, but the default installation itself should be secure.
Yaim provides a default torque installation, which can be separated from
the CE installation. This torque installation includes configuring
torque to use password-free ssh between WN and CEs - so yaim is already
doing the setup of ssh on the site in this case.
regards,
Owen.
Fokke Dijkstra wrote:
> Hello all,
>
> As Steve mentioned on the wiki page, some of the fixes may break MPI
> support. I would not like such fixes to be the default in yaim.
> Currently for MPI support ssh access between the workernodes is
> necessary.
>
> As far as I understood yaim was only meant to perform the setup of
> the LCG middleware. Sites using yaim will have to do the rest of the
> configuration, like the setup of ssh and tcp wrappers, themselves. I
> would like it to stay this way, because otherwise it is very hard to
> be able to make use of yaim functionality when using cluster
> management software.
>
> Hints about the setup on a wiki are of course very welcome.
>
> Kind regards,
>
> Fokke
--
=======================================================
Dr O J E Maroney # London Tier 2 Technical Co-ordinator
Tel. (+44)20 759 47802
Imperial College London
High Energy Physics Department
The Blackett Laboratory
Prince Consort Road, London, SW7 2BW
====================================