Syntax
LSF_AUTH=eauth | ident
Description
Enables
either external authentication or authentication by means of identification daemons. This parameter is required
for any cluster that contains Windows hosts, and is optional for UNIX-only
clusters. After defining or changing the value of
LSF_AUTH,
you must shut down and restart the LSF daemons on all server hosts
to apply the new authentication method.
- eauth
For site-specific customized external authentication. Provides
the highest level of security of all LSF authentication methods.
- ident
For authentication using the RFC 931/1413/1414 protocol to
verify the identity of the remote client. If you want to use ident authentication,
you must download and install the ident protocol,
available from the public domain, and register ident as
required by your operating system.
For UNIX-only clusters, privileged ports
authentication (
setuid) can be configured by commenting
out or deleting the LSF_AUTH parameter. If you choose privileged ports
authentication, LSF commands must be installed as
setuid programs
owned by
root. If the commands are installed in
an NFS-mounted shared file system, the file system must be mounted
with
setuid execution allowed, that is, without
the
nosuid option.
Restriction: To
enable privileged ports authentication, LSF_AUTH must
not be defined; setuid is not a valid value for LSF_AUTH.
Default
eauth
During
LSF installation, a default eauth executable is
installed in the directory specified by the environment variable LSF_SERVERDIR.
The default executable provides an example of how the eauth protocol
works. You should write your own eauth executable
to meet the security requirements of your cluster.