Configuration to modify external authentication
You can modify external authentication behavior by writing your own eauth executable and by modifying configuration parameters.
The configuration parameters modify various aspects of external authentication behavior by:
- Increasing security by using an external encryption key (recommended)
- Specifying a trusted user account under which the eauth executable runs (UNIX and Linux only)
Note: To use the lsf.sudoers file, you must enable the
setuid bit for the LSF
administration commands. Run the hostsetup --setuid command option on the
LSF management and candidate hosts. Since this allows LSF
administration commands to run with root privileges, do not enable the setuid bit if you do not want
these LSF
commands to run with root privileges.
The hostsetup --setuid command enables the setuid bit for the following LSF executable files: badmin, lsadmin, egosh, utmpreg, swtbl_api, ntbl_api, lstbl_nid, and swtbl_poe.
Configuration to modify security
File | Parameter and syntax | Descriptions |
---|---|---|
lsf.sudoers | LSF_EAUTH_KEY=key |
|
LSF_EAUTH_OLDKEY=key |
|
|
LSF_EAUTH_OLDKEY_EXPIRY=[[year:][month:]day:]hour:minute |
|
Configuration to specify the eauth user account
On UNIX hosts, the eauth executable runs under the account of the primary LSF
administrator. You can modify this behavior by specifying a different trusted user account. For
Windows hosts, you do not need to modify the default behavior because eauth runs
under the service account, which is always a trusted, secure account.
File | Parameter and syntax | Description |
---|---|---|
lsf.sudoers | LSF_EAUTH_USER=user_name |
|