The following new features affect cluster security.
New administration subcommand to check the LSF security configuration
LSF now has a new badmin security view subcommand to check the current configuration of the LSF security mechanism.
The badmin security view command displays a summary of the current configuration.
The badmin security view -v command option provides a detailed description of the current configuration and displays any changes that you need to make to the configuration to secure your cluster.
Using the previous user authentication key
LSF now allows you to continue using the previous eauth key for encrypting and decrypting user authentication data. After defining a new eauth key, this gives LSF administrators time to update the eauth key on each host in the cluster without disrupting authentication operations.
To continue using the old eauth key when defining a new key, rename the current LSF_EAUTH_KEY parameter in the lsf.sudoers file to LSF_EAUTH_OLDKEY, then define the LSF_EAUTH_OLDKEY_EXPIRY parameter to specify an expiry date for the old key. Define a new LSF_EAUTH_KEY parameter with the new eauth key as the value. After the expiry date, the old key no longer works and only the new LSF_EAUTH_KEY parameter works.
The date is in the form of [year-month-day] where the number ranges are as follows: year after 1970, month 1-12, day 1-31.
To enable the previous key, you must define both LSF_EAUTH_OLDKEY and LSF_EAUTH_OLDKEY_EXPIRY in the lsf.sudoers file.
Root privileges for LSF Application Center, LSF Explorer, LSF Process Manager, and LSF RTM
LSF now restricts root privileges on all hosts for LSF Application Center, LSF Explorer, LSF Process Manager, and LSF RTM by default.
If you are using LSF Application Center, LSF Explorer, LSF Process Manager, or LSF RTM, you must specify a space-separated list of hosts in the LSF_ADDON_HOSTS parameter in the lsf.conf file. This allows the root users on these specified hosts to remotely execute commands. You must also set LSF_DISABLE_LSRUN=N in the lsf.conf file to enable hosts that are running LSF Application Center to use the lsrun and lsgrun commands.