I've got an HPC cluster on a private network without access to our LDAP servers
for reasons I don't have any influence on at the moment. Users connect to
special nodes called submit nodes to submit (eh!) jobs on the cluster. Those
nodes have access to the public facing network (hence our LDAP servers) and the
cluster private network.
At the moment, /etc/passwd /etc/group and /etc/shadow are simply dumped on all
cluster nodes. I'd like to move away from this setup.
How to update the submit nodes to use sssd with an ldap auth_provider should not
cause any trouble. I'm concerned about the nodes accessible on the private network.
I could configure submit nodes as ldap slaves, but there are security aspects in
that setup I'd like to avoid. My question is quite simple : is there a way to
leverage the "sssdified" submit nodes on other nodes using some kind of
Any suggestion is welcome !