Speaker
Dr
Jerome Lauret
(BROOKHAVEN NATIONAL LABORATORY)
Description
Secure access to computing facilities has been increasingly on demand of practical
tools as the world of cyber-security infrastructure has changed the landscape to
access control via gatekeepers or gateways. However, the venue of two factor
authentication (SSH keys for example) preferred over simpler Unix based login has
introduced the challenging task of managing private keys and its association with
individual users. Moreover, while a facility could simplify their model as one key
one remote user therefore one local user and deploy a strategy along the lines of
LDAP-SSH (Darwin project), such approach would not work for facilities allowing
mapping between one “real” remote user and many local accounts adding to that the
complexity and dimension of possibly multiple servers.
We will present an SSH key management system we developed, tested and deployed to
address the one to many dilemma in the RHIC/STAR experiment. We will explain its use
in an online computing context and explain the problems it addresses amongst which,
making possible the management and tracing of group account access spread over many
sub-system components (data acquisition, slow control, trigger groups) without the
need of publicly known passwords (while keeping track at all times who/where).
| Submitted on behalf of Collaboration (ex, BaBar, ATLAS) | STAR |
|---|
Primary authors
Dr
Dmitry ARKHIPKIN
(Particle Physics Laboratory - Dubna)
Dr
Jerome Lauret
(BROOKHAVEN NATIONAL LABORATORY)
Co-authors
Mr
Alexander SHIRYAEV
(Particle Physics Laboratory - Dubna)
Mr
Wayne BETTS
(BROOKHAVEN NATIONAL LABORATORY)
