The authorization model for Torque changed in version 4.0.0 from pbs_iff to a daemon called trqauthd. The job of the trqauthd daemon is the same as pbs_iff. The difference is that trqauthd is a resident daemon whereas pbs_iff is invoked by each client command. pbs_iff is not scalable and is prone to failure under even small loads. trqauthd is very scalable and creates the possibility for better security measures in the future.
I.1.1 trqauthd Authorization Theory
The key to the security of trqauthd is the assumption that any host which has been added to the Torque cluster has been secured by the administrator. trqauthd does not do authentication, just authorization of users. Given that the host system is secure, the following is the procedure by which trqauthd authorizes users to pbs_server.
trqauthd uses Unix domain sockets for communication from the client utility. Unix domain sockets have the ability to verify that a user is who they say they are by using security features that are part of the file system.
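As an added illustration (not Torque's code, and not a statement of how trqauthd is implemented), the following shows one way a daemon on Linux can check a client's identity over a Unix domain socket: it reads the kernel-recorded peer credentials with `SO_PEERCRED` instead of trusting what the client sends. The socket path, the function names and the uid-as-text message are assumptions made for the example.

```python
import os
import socket
import struct
import tempfile


def peer_credentials(conn):
    """Return (pid, uid, gid) of the connecting process as recorded by the kernel."""
    fmt = "3i"  # Linux struct ucred: pid, uid, gid
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(fmt))
    return struct.unpack(fmt, raw)


def authorize(conn):
    """Accept the request only if the claimed uid matches the kernel-reported uid."""
    claimed = conn.recv(64).decode("ascii", "replace").strip()
    _pid, uid, _gid = peer_credentials(conn)
    ok = claimed.isdigit() and int(claimed) == uid
    return ok, uid


def demo(claimed_uid):
    """One client request against a listener bound to a private socket path."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "authd.sock")  # hypothetical socket path
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            srv.listen(1)
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
                cli.connect(path)  # queued in the backlog until accept()
                cli.sendall(str(claimed_uid).encode("ascii") + b"\n")
                conn, _ = srv.accept()
                with conn:
                    return authorize(conn)


if __name__ == "__main__":
    me = os.getuid()
    print("honest claim :", demo(me))      # claimed uid matches the peer uid
    print("spoofed claim:", demo(me + 1))  # claim differs from what the kernel reports
```

The uid returned by `SO_PEERCRED` is fixed by the kernel when the client connects, so the decision does not depend on anything the client writes to the socket.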