3

I'm looking into the security of SLURM. None of the documentation is very clear about how it works. So far I have ascertained that authentication of users is done using MUNGE.

As far as I can tell MUNGE works like this:

  1. All machines in the cluster must have trusted root. In other words, untrusted users can use them, but they should not have root access.
  2. All the machines have a munge user that runs munged, and a pre-shared mungekey that is only readable by the munge user.
  3. All machines must use the same UIDs and GIDs for all users.

Then a user can prove that they are user dave (UID 7), by simply sending a sign this payload as being from me: ... request over a Unix socket to munged. munged apparently has a way of reliably getting the UID of the sender (I didn't look up how), so it puts the payload, mungekey and uid=7 into a cryptographer, which spits out a credential.

The user can send that credential with the payload to any other node in the cluster, and since it has the same list of UIDs and the same mungekey it can verify that the payload did in fact come from dave.

Seems reasonable, but what about encryption? Are any of the communications between nodes encrypted at all? As far as I can tell they are not, which seems like a big oversight in this decade.

Improve this question

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.