Agenda, Discussion, and Action Items
Discuss how we will engage others in XSEDE to evolve existing interactive login capabilities.
Which use cases does this concern?
- CAN-04 - Interactive login
Most high-performance computing and high-throughput computing services require users to open a remote terminal session on a login server. This is a vital access mode for shared computing services.
- CAN-06 - Authenticate with an application
An individual needs to securely share his or her identity with an application in order to use a feature that requires authorization.
- HPC-01 & HPC-02
- HTC-01 & HTC-02
- DA-01 through DA-05
- VIS-01 through VIS-05
- CB-08 - Use XSEDE SSO with campus login servers
A campus IT administrator wants to allow XSEDE-registered researchers to login to campus login servers (remote command shell) using their XSEDE usernames/passwords.
- RC-03? - Install software on a resource for use by a research community
Which use cases does this NOT concern?
- CAN-01 - Run a remote job
- SGW-03 - Science Gateway community execution management
- SP login nodes with GSI OpenSSH server and Globus client (from Globus)
- SSO hub with OpenSSH using Kerberos and xsede-user-tfa PAM modules (from XSEDE) and Globus GSI OpenSSH client (from Globus)
- Any command line client running any SSH client accessing the SSO hub
Possible future components:
- SP login nodes with GSI OpenSSH server and Globus client (from the Grid Community Toolkit)
- Q: Who would be providing the support for this software (GSI* from GCT)?
- Any command line client running any SSH client with the Globus SDK (a.k.a. Globus Auth OpenSSH)
- Any command line client running any SSH client with web based login service (a.k.a. Lee's pilot)
- Jupyter based browser login client
- Lee thinks Jupyter isn't a login client. (It doesn't provide a terminal interface on the compute system.) True or false?
- If the above is true, is the idea that users will no longer need terminal interfaces on XSEDE systems? That seems unlikely given the current systems.
- Open OnDemand
Next steps / actions
- Meeting with which people
- SP PIs - They design & maintain the systems XSEDE provides access to and know the intended uses, users
- Campus login server admins (CB-08) - They design campus login services & asked for SSO Hub access
- Heavy SSH users on current XSEDE systems (SSO hub, others?)
- With what purpose
- Confirm how SSH is currently used/needed on XSEDE SP systems, campus research systems.
- Find out about future/upcoming systems and their interfaces.
- Get a sense of the future needs for SSH access and how folks would LIKE it to work.