To: mbarker@MIT.EDU
Cc: wdc@MIT.EDU, rbasch@MIT.EDU
Subject: batch systems notes
Date: Fri, 30 May 1997 18:33:41 EDT

I've spent some time looking at the capabilities and features of various network batch systems, both commercial and public domain, with an emphasis on security features, particularly support for Kerberos and/or AFS. There are apparently only a couple systems with any real support for AFS/Kerberos currently available: LSF (Load Sharing Facility), a commercial product from Platform Computing, and DQS (Distributed Queuing System), a public domain package from the Supercomputer Computation Research Institute at FSU. In addition, there is a package called khat (Kerberized "at", not a network batch system) that was done as research work at Michigan U., which is freely available but is apparently not maintained or in use anywhere.

The following are some notes compiled in examining these three packages from a security standpoint.

LSF
---

- AFS token renewal via supplied daemon for AFS server (list of trusted hosts from which tokens are accepted)
- esub/eexec external submission/execution used for token transfer (not encrypted, can be modified though)

  From the Platform web site...

  AFS token transfer for LSF jobs is supported on:

    ALPHA/AXP systems running Digital UNIX 3.x
    HP 9000/700 and HP 9000/800 systems running HP-UX 9.x and 10.x
    SPARC systems running SunOS 4.1.x and Solaris 2.3, 2.4 and 2.5
    SGI MIPS systems running IRIX 5.2 and 5.3
    RS/6000 systems running AIX 3.2.x and 4.1

- alternately, renewal via clear password stored in file on server
- external authentication (eauth) hooks for client and server, could be used for Kerberos authentication (samples provided) -- ensure not subvertible by root client!
- external program invoked on both client/server to write/read auth. data
- similar support for DCE/DFS authentication
- users must have valid accounts on all hosts
- maybe workaround via external authentication hook? (need to add/remove from server passwd)
- client hosts must be configured?!
- has an API, so theoretically we could write our own submit program against it

DQS
---

- No authentication; users must have valid accounts on server, relies on reserved port (i.e. trusted root execution on client) for security
- No encryption of job information
- AFS token (re)authorization supported via password supplied on submit or via file(!); password (possibly encrypted) is passed to server as part of job parameters. The execution server can be configured to run klog periodically to renew AFS tokens.
- Commercial version called CODINE is available from GENIAS Software in Germany; have so far been unable to get any information from them on AFS/Kerberos support.

khat
----

- not a true network batch system
- not a completed production-quality system, unsupported
- requires ticket-generating daemon running on *Kerberos* server
- generates persistent key stored on client/execution machine, in process memory, lost if machine rebooted

Of the three, LSF seems to have the best thought-out mechanisms for dealing with AFS/Kerberos, as far as I can tell from their documentation. DQS has the advantage that it is free and we could modify the source code to make it support the desired level of authentication. All other things being equal, though, if we decide to modify an existing public domain package, we might also consider just taking NQS, the most widely-used free UNIX queuing system, as a starting point, given that the AFS support in DQS is fairly simplistic. At this point, there is probably no point in looking any further at khat.

Bob