[AG-TECH] Multiple users of a node - what strategy?

Randy Groves randy.groves at boeing.com
Thu Sep 18 13:49:00 CDT 2003


I'm in the process of setting up several nodes (all Windows) here in the 
company, and I've run into some issues having to do with multiple users of 
a node.  Which is making me wonder whether the user/node model is 
completely fleshed out.

So - I've installed the software on the machine, and configured an AG node 
using that account.  What I want is for that machine to always show up with 
the NODE profile, no matter who's logged in.  Obviously, I could reqiure 
that everyone log into this special account, but (security issues with 
globally known passwords aside), this is unworkable in reality, because 
many people have requirements to be logged on to their personal account in 
order to run a meeting.

Running some experiments, I find that the next person that logs in, and 
tries to run the client is confronted with a message that indicates that 
the Globus configuration could not be determined.  I tried to import CA 
certs, etc. after the client was up, but it became obvious that what I 
needed to do, before I started the client, was to set up Globus for this 
account.

Once that was done, the next decision is - what cert do I use?  Ideally, 
the user has their own cert, and that would probably be OK.  And if you 
want to ignore the globally known password issue, then we could use a 
'node' certificate.

But the next step, where the this 'new' user is confronted with the profile 
setup, is more problematic.  In this case, I don't want them mucking with 
the node profile.  Perhaps, since there is a 'node' type of profile, some 
way of indicating, that for this node, the node profile is pre-eminent, and 
perhaps also, a way of inidicating that there is also a 'user' profile 
being used for this session.  That way the remote sites could identify both 
the 'car' and the 'driver'.

And I'm not even thinking about the problems that accrue when someone is 
using a floating profile (does anyone do this anymore - we certainly had 
mondo problems with it here at Boeing) for their login ...

-randy






More information about the ag-tech mailing list