(Click to open topic with navigation)
The authorization model for TORQUE changed in version 4.0.0 from pbs_iff to a daemon called trqauthd. The job of the trqauthd
daemon is the same as pbs_iff. The difference is that trqauthd is a resident daemon whereas pbs_iff is invoked by each client command. pbs_iff is not scalable and is prone to failure under even small loads. trqauthd is very scalable and creates the possibility for better security measures in the future.
trqauthd and pbs_iff authorization theory
The key to security of both trqauthd and pbs_iff is the assumption that any host which has been added to the TORQUE cluster has been secured by the administrator. Neither trqauthd nor pbs_iff do authentication. They only do authorization of users. Given that the host system is secure the following is the procedure by which trqauthd and pbs_iff authorize users to pbs_server.
Both trqauthd and pbs_iff use Unix domain sockets for communication from the client utility. Unix domain sockets have the ability to verify that a user is who they say they are by using security features that are part of the file system.