Hello everybody,
I've got an HPC cluster on a private network without access to our LDAP servers for reasons I don't have any influence on at the moment. Users connect to special nodes called submit nodes to submit (eh!) jobs on the cluster. Those nodes have access to the public facing network (hence our LDAP servers) and the cluster private network.
At the moment, /etc/passwd /etc/group and /etc/shadow are simply dumped on all cluster nodes. I'd like to move away from this setup.
How to update the submit nodes to use sssd with an ldap auth_provider should not cause any trouble. I'm concerned about the nodes accessible on the private network.
I could configure submit nodes as ldap slaves, but there are security aspects in that setup I'd like to avoid. My question is quite simple : is there a way to leverage the "sssdified" submit nodes on other nodes using some kind of relay/proxy ?
Any suggestion is welcome !
Jean-Baptiste