New here and trying to learn more on OOD. So lets say a user authenticated via SSO and gets into the portal. From there how are users accessing the back-end server running Linux? Do they provide the credential again? Does the back-end server usually setup to authenticate local accounts with SSH keys, user mapping, etc?
We are envisioning a setup where a few colleges can access the resources (via Cirrus Identity). The back-end server is an HPC (slurm/login).
Thanks ahead.
TT
Hello! Welcome to the OOD Discourse and OOD Community - we’re glad to see you here!
Here is some documentation on the variety of ways user mapping from the SSO can happen. To summarize, OnDemand can map the REMOTE_USER from the SSO to a local/LDAP linux user using an email address or UID.
Once the user logs in they get their own Nginx stack that’s running as their un-privileged regular user (see: Architecture — Open OnDemand 4.0.0 documentation). They issue commands directly as themselves (not root) like sbatch and so on, so there’s no need for authentication. OnDemand does provide a way to get terminal/ssh sessions on login nodes (Cluster Configuration — Open OnDemand 4.0.0 documentation). Sites generally setup HostBasedAuthentication to avoid authenticating again.