Dealing with clusters that require special access login #563
Replies: 1 comment
-
|
@santoshkumarradha: I've been thinking about this a bit lately. For instance, one of the machines I currently have access to requires the user to enter a 2FA code at the end of their password every single time they SSH in, no exceptions. That basically makes Covalent not particularly useful for such an HPC cluster (while respecting security protocols), and I envision that there are many "interesting" special access logins like you alluded to more broadly. Not sure there's a clear general approach, unfortunately. There are some HPC center-specific solutions like https://github.com/NERSC/sfapi_client but obviously it's not a one-size-fits all solution. The only way I can think of having something more general is being able to query the server from the HPC machine itself and dispatch jobs "locally" while already on the machine, but that's not the current structure of things and also HPC centers are something hesitant about this for security reasons. |
Beta Was this translation helpful? Give feedback.
-
Recently I came across few clusters which have their own interesting authentication method. There are multiple ways we can support them, the goal is to start a discussion.
Couple of constrains we might want to have are, to not have any resource specific code in our main SDK but instead of load it to the plugins. Again, multiple ways to achieve it
OWENSClusterExecuter(...)which can host its own cluster dependent customized methods.I lean towards 1. due to the variability and the cost to maintain/develop a framework that is universally supported for various techniques of authentication, especially in lieu of the said cluster having a very custom method to authenticate. Ofcourse the down side is that we would have few code duplications that might be there in this plugin that can potentially be useful for other plugins.
Beta Was this translation helpful? Give feedback.
All reactions