An SSH Key management system: easing the pain of managing key/user association

Secure access to computing facilities increasingly demands practical tools, as cyber-security infrastructure has shifted the landscape toward access control through gatekeepers or gateways. However, the advent of two-factor authentication (SSH keys, for example), preferred over simpler Unix-based login, has introduced the challenging task of managing private keys and their association with individual users. Moreover, while a facility could simplify its model to one key, one remote user and therefore one local user, and deploy a strategy along the lines of LDAP-SSH (Darwin project), such an approach would not work for facilities that allow one “real” remote user to map onto many local accounts, with the added complexity and dimension of possibly multiple servers. We will present an SSH key management system we developed, tested and deployed to address the one-to-many dilemma in the RHIC/STAR experiment. We will explain its use in an online computing context and the problems it addresses, among them making it possible to manage and trace group-account access spread over many sub-system components (data acquisition, slow control, trigger groups) without the need for publicly known passwords, while keeping track at all times of who accessed what and from where.
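The one-to-many mapping described above, as an added illustration that is not the STAR system's code: one real user (identified by a public key) is granted several local group accounts on several hosts, per-account authorized_keys content is generated from that mapping with the owner recorded in each key's comment field, and an sshd "Accepted publickey" log line is resolved back to the person through the key fingerprint. All user names, hosts, keys and the log line are constructed.

```python
"""Added example, not the STAR system's code: a minimal model of the
one-to-many mapping (one real user, many local accounts on many hosts).
All user names, hosts, keys and the sshd log line are constructed."""
import base64
import hashlib
import re
from collections import defaultdict

def make_key(label):
    """Constructed stand-in for an ed25519 public key, not a real key."""
    blob = base64.b64encode(b"constructed-key-" + label.encode()).decode()
    return "ssh-ed25519 " + blob

USERS = {name: make_key(name) for name in ("alice", "bob")}
# (real user, host, local group account). alice is one remote identity
# mapped to several local accounts, the case one-key-one-user cannot express.
GRANTS = [
    ("alice", "daq01.example", "daq"),
    ("alice", "daq01.example", "trigger"),
    ("alice", "sc01.example", "slowctl"),
    ("bob", "daq01.example", "daq"),
]

def fingerprint(key):
    """OpenSSH-style SHA256 fingerprint of the base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(key.split()[1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def build_authorized_keys(users, grants):
    """{(host, account): [authorized_keys lines]}; the owner is written into
    each line's comment field so a key in a shared account stays attributable."""
    files = defaultdict(list)
    for user, host, account in grants:
        files[(host, account)].append(f"{users[user]} owner={user}")
    return dict(files)

def fingerprint_index(users):
    """fingerprint -> real user, for resolving sshd log lines."""
    return {fingerprint(k): u for u, k in users.items()}

LOG_RE = re.compile(r"Accepted publickey for (\S+) from (\S+) .*?(SHA256:\S+)")

def trace_login(log_line, index):
    """Resolve an sshd 'Accepted publickey' line to (who, local account, source)."""
    m = LOG_RE.search(log_line)
    if not m:
        return None
    account, src, fp = m.groups()
    return index.get(fp, "unknown"), account, src
```

With sshd's LogLevel at VERBOSE the accepted key's fingerprint appears in the log, which is what lets a login to a shared account such as "daq" be attributed to a person rather than to the account.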
