Subject: | |
From: | |
Reply To: | |
Date: | Thu, 19 Jul 2007 18:19:16 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Connie Sieh wrote:
> On Thu, 19 Jul 2007, Brett Viren wrote:
>
>> Hi Michael,
>>
>> Michael Hannon <[log in to unmask]> writes:
>>
>>> I'd like to know how others are dealing with this. Is anybody using
>>> Ubuntu clients with SL servers for instance? Any other words of
>>> wisdom on this topic?
>>
>> In our group we run Debian on our cluster, workstations and some
>> laptops. We are collaborators on two experiments that have picked
>> some flavor (MINOS with SLF and Daya Bay with SLC) of SL as the
>> dominant platform. For the most part there are no problems in terms
>> of client/server communication.
>>
>> The two real issues I have experienced are:
>>
>> 1) Fermi Kerberos (not really an SL issue, per se). Debian's
>> openssh-client package does't have kerberos support and if you use the
>> kerberized ones and place your workstation inside FNAL.GOV realm you
>> will suffer long timeouts when connecting to systems not known to the
>> realm servers. For this reason I run the standard openssh client and
>> keep an "ssh-krb" client for when logging in to FNAL.
>
> Since Ubuntu is based on Debian I assume the openssh in Ubuntu is not
> kerberized?
>
> -connie sieh
Ubuntu has a ssh-krb5 package that will replace the openssh packages, as
Brett said. This plays fine with FNAL kerberos, for the time being.
But this is ostensibly going to change as we all go through the fits and
starts of getting stuff migrated from using the "gssapi" authentication
to the "gssapi-with-mic" authentication. I successfully run an Ubuntu
installation and just use the ssh-krb5 binaries for all uses, but it's
not inside the FNAL.GOV realm, I just use kinit when I have a need to
ssh to a machine in the realm.
-Brian
|
|
|