Date

Attendees

Goals

  • discuss requirements, and better understand the choices available

Discussion items

Time   Item   Who   Notes
30   The 2 to 2:30 meeting: discussion around LSF as it is currently configured, TRS history, the RPC calls it has
90   The 3 to 4:30 meeting: the whiteboard session captures a lot of that

WhiteBoard photo

 

Left side

joe@WIN.SLAC.STANFORD.EDU ->

krbtgt/SLAC@WIN.SLAC ->

batchtkts/~ @SLAC ->

joe/batch/<...> @SLAC

 

Center Top Third (around the discussion of accounts and roles in a Kerberos domain)

joe/admin joe.admin@WIN.SLAC

ajoe

joe-a

 

Center mid-third

joe@SLAC.STANFORD.EDU  --> AFSID 2311 (AFSID=PTSID)

joe/batch/cluster1.slac.stanford.edu@SLAC  --> AFSID 2311

 

Center, bottom third, left

joe@WIN.SLAC

   on node with keytable entry host/ubuntu.win.slac.stanford.edu@win.slac.stanford.edu

aklog call

Center whiteboard, bottom third center and right

yfs-rxgk (connecting left with right)

On the right it connects to

joe@slac  PTSID 2311

joe/batch/cluster1.slac.stanford.edu PTSID 54000

Note to the far right about the audit trail available here and the IP-based tracking with Good and BAD

Underneath the permit and do-not permit lists that are set on the file system.

Action items

  • as a group at SLAC, consider the costs and benefits of handling multiple identity/role principals (use of some existing Kerberos tools that are GSSAPI-enabled to permit action, or leverage Auristor's means of having multiple identity/role tokens, and even negation in cases where warranted; this at base is going to lean on the pts service)