[AG-TECH] Multiple users of a node - what strategy?
Randy Groves
randy.groves at boeing.com
Thu Sep 18 13:49:00 CDT 2003
I'm in the process of setting up several nodes (all Windows) here in the
company, and I've run into some issues having to do with multiple users of
a node. Which is making me wonder whether the user/node model is
completely fleshed out.
So - I've installed the software on the machine, and configured an AG node
using that account. What I want is for that machine to always show up with
the NODE profile, no matter who's logged in. Obviously, I could reqiure
that everyone log into this special account, but (security issues with
globally known passwords aside), this is unworkable in reality, because
many people have requirements to be logged on to their personal account in
order to run a meeting.
Running some experiments, I find that the next person that logs in, and
tries to run the client is confronted with a message that indicates that
the Globus configuration could not be determined. I tried to import CA
certs, etc. after the client was up, but it became obvious that what I
needed to do, before I started the client, was to set up Globus for this
account.
Once that was done, the next decision is - what cert do I use? Ideally,
the user has their own cert, and that would probably be OK. And if you
want to ignore the globally known password issue, then we could use a
'node' certificate.
But the next step, where the this 'new' user is confronted with the profile
setup, is more problematic. In this case, I don't want them mucking with
the node profile. Perhaps, since there is a 'node' type of profile, some
way of indicating, that for this node, the node profile is pre-eminent, and
perhaps also, a way of inidicating that there is also a 'user' profile
being used for this session. That way the remote sites could identify both
the 'car' and the 'driver'.
And I'm not even thinking about the problems that accrue when someone is
using a floating profile (does anyone do this anymore - we certainly had
mondo problems with it here at Boeing) for their login ...
-randy
More information about the ag-tech
mailing list