Sep 2 – 9, 2007
Victoria, Canada
Europe/Zurich timezone
Please book accommodation as soon as possible.

An SSH Key management system: easing the pain of managing key/user association

Sep 5, 2007, 8:00 AM
10h 10m
Victoria, Canada

Board: 27
poster Distributed data analysis and information management Poster 2

Speaker

Dr Jerome Lauret (BROOKHAVEN NATIONAL LABORATORY)

Description

Secure access to computing facilities increasingly demands practical tools, as the evolving cyber-security infrastructure has shifted the landscape toward access control via gatekeepers or gateways. However, the advent of two-factor authentication (SSH keys, for example), preferred over simpler Unix-based login, has introduced the challenging task of managing private keys and their association with individual users. Moreover, while a facility could simplify its model to one key, one remote user and therefore one local user, and deploy a strategy along the lines of LDAP-SSH (Darwin project), such an approach would not work for facilities that allow mapping between one “real” remote user and many local accounts, with the added complexity and dimension of possibly multiple servers. We will present an SSH key management system that we developed, tested and deployed to address the one-to-many dilemma in the RHIC/STAR experiment. We will explain its use in an online computing context and the problems it addresses, among them making possible the management and tracing of group account access spread over many sub-system components (data acquisition, slow control, trigger groups) without the need for publicly known passwords (while keeping track at all times of who/where).
Submitted on behalf of Collaboration (e.g. BaBar, ATLAS): STAR

Primary authors

Dr Dmitry ARKHIPKIN (Particle Physics Laboratory - Dubna)
Dr Jerome Lauret (BROOKHAVEN NATIONAL LABORATORY)

Co-authors

Mr Alexander SHIRYAEV (Particle Physics Laboratory - Dubna)
Mr Wayne BETTS (BROOKHAVEN NATIONAL LABORATORY)