Speaker
Mr
Igor Sfiligoi
(INFN LABORATORI NAZIONALI DI FRASCATI)
Description
Multi-user pilot infrastructures provide significant advantages for the communities using them, but also create new security challenges.
With Grid authorization and mapping happening with the pilot credential only, final user identity is not properly addressed in the classic Grid paradigm.
In order to solve this problem, OSG and EGI have deployed glexec, a privileged executable on the worker nodes that allows for final user authorization and mapping from inside the pilot itself.
The glideinWMS instances deployed on OSG have been now using glexec on OSG sites for several years, and have started using it on EGI resources in the past year.
The user experience of using glexec has been mostly positive, although there are still some edge cases where things could be improved.
This talk provides both the usage statistics as well as a description of the still remaining problems and the expected solutions.
Authors
Dr
Burt Holzman
(Fermi National Accelerator Laboratory)
Mr
Claudio Grandi
(INFN Bologna)
Mr
Dan Bradley
(University of Wisconsin-Madison)
Prof.
Frank Würthwein
(University of California San Diego)
Mr
Igor Sfiligoi
(INFN LABORATORI NAZIONALI DI FRASCATI)
Mr
Igor Sfiligoi
(University of California San Diego)
Igor Sfiligoi
(Univ. of California San Diego (US))
Mr
Jeffrey Michael Dost
(University of California San Diego)
Prof.
Kenneth Bloom
(University of Nebraska-Lincoln)
Mr
Zachary Miller
(University of Wisconsin-Madison)
