Speaker
Description
The token-based certification method is spreading in the distributed computing system of high energy physics. More and more software and middleware are supporting token as one of certification methods. As an example, WLCG has upgraded all the services to supporting WLCG token. In IHEP(Institute of High Energy Physics in China), the Kerberos token has been used as the main certification method in the local cluster. Naturally, it’s selected as the certification method in the distributed computing system.
In this case, a set of toolkits were developed or introduced to use Kerberos token in the distributed computing system, including token producer, token repository, token transfer and token client engine. Token producer is responsible to create a token and publish the token file to token repository. Token repository stores all the latest token files and a refresh service periodically renew the lifetime of those tokens stored in token repository. Token transfer is taking charge of bringing the token file to the worker node. Token client engine initializes the token environment and renews the token’s lifetime on the worker node. With these toolkits, the jobs can run in any worker node in any site and use the Kerberos token to access other services, such as EOS and XRootd proxy service.
In IHEP, the Kerberos toolkit has been deployed in the distributed computing system. Currently, three experiments (LHAASO, BES and HERD) are using Kerberos token to remotely access the data in EOS or Lustre.
| Consider for long presentation | No |
|---|
