Duncan and others,
You should not use static accounts if more than 1 user is to use them.
Users can steal each others proxies if more than 1 user uses the same
account. As John says, there is also the issue of traceability. The
Grid Security Vulnerability Group produced an advisory on this last
year.
http://www.gridpp.ac.uk/gsvg/advisories/advisory-12161.txt
Linda
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Gordon, JC (John)
> Sent: 22 February 2008 08:03
> To: [log in to unmask]
> Subject: Re: sgm/prd pool accounts
>
> Duncan, are you confident that if multiple people use an sgm account
at
> your site at the same time that you can satisfy the auditing
> requirements to know who did what?
>
> John
>
> > -----Original Message-----
> > From: Testbed Support for GridPP member institutes
> > [mailto:[log in to unmask]] On Behalf Of Duncan Rand
> > Sent: 21 February 2008 16:12
> > To: [log in to unmask]
> > Subject: sgm/prd pool accounts
> >
> > Hi
> >
> > At RHUL and QMUL we are installing new clusters and I am
> > coming across the thorny issue of sgm and prd pool accounts.
> > I see that the yaim instructions now state that "Note: static
> > accounts are not recommended".
> > When I did a quick poll of VO's they said yes we can deal
> > with pool sgm accounts but we prefer static sgm accounts. So
> > at RHUL I am planning to use pool prd accounts and static sgm
> > accounts. Has anybody got any comments?
> >
> > many thanks
> > Duncan
> >
|