Hi
one comment (might have already been made by others):
NIKHEF supports MPI jobs. I am not sure what other sites supporting MPI
do, but at NIKHEF we already have autogenerated keys in the pool home
dirs. So we don't really appreciate people removing them and
substituting their own.
JT
Christos Kanellopoulos wrote:
> Dear All,
>
> I was asked by George Tsouloupas to forward his reply to the
> lcg-rollout mailling list that will hopefully clarify the situation a
> bit. Unfortunatelly he is not a member of the list and while he tried to
> subscribe himself today, he did not succeed up to now.
>
> Best regards,
>
> Christos Kanellopoulos
> HellasGrid CA/SEE-GRID CA Manager
>
>
> -------- Original Message --------
> Subject: How to blacklist a certificate at site level ??
> Date: Mon, 13 Jun 2005 20:17:33 +0300
> From: George Tsouloupas <[log in to unmask]>
> To: Christos Kanellopoulos <[log in to unmask]>
>
> Hi All,
>
> I really hope this makes it to the list.
>
> I've sent numerous mails to our ROC but it looks like the information
> I provide is not making it back to the lists.
>
> Again, This is NOT a malicious attack of any kind. As part of a
> benchmarking/testing tool we are developing, this was an attempt to run an
> MPI job, that requires passwordless ssh between WN's in order to work.
>
>
> I used to do this routinely within CrossGrid to "test-and-fix" MPI
> support for my account at a site
>
> There was no attempt to by-pass any queuing systems or gain
> unaccounted-for access to the worker nodes. The generated keys were
> unique to each site and never left the site.
>
>
> There was NO INTENTION and NO ATTEMPT to compromise security NOR was
> security compromised. I was using the tools available so I could do my
> job. Again, security WAS NOT compromised, nothing was copied to anywhere
> but my account, there is no attempt to get unauthorized access. I was
> simply trying to get my processes to cooperate after submitting an MPI job
>
>
> If this is unacceptable behavior then we must really figure out a way to
> prevent it, otherwise the next time it could be someone malicious.!
>
>
>
> Thanks
>
> George
>
>
>
>
>
>
|