On Tue, Oct 18, 2005 at 11:15:58AM +0100, Dr D J Colling wrote:
> Hi Simon,
>
> The account re-cycling was turned off because of security reasons. As
> accounts are created automatically, provided that each job cleans up after
> itself, what are the problems with having a large number of accounts?
I can't see any security problems (provided that the clean up really works).
But an account per job might cause other problems.
* RH73 only uses 16 bit uids as far as i can remember so you can only have
65k accounts which will limit the amount of VOs that you can support.
Since RH73 is going away this might not be an issue.
* What Steve suggested recently about different resource allocations inside
a VO will be a lot trickier or even impossible.
I can't really see what the advantages are for this model, i am sure there
is a reason behind the suggestion but at the moment i can't imagine anything.
Cheers,
Kostas
|