The N1GE execution environment has to start jobs on behalf of the submitting user. The execution daemon (sge_execd) on UNIX hosts runs as the user root so it can start jobs on behalf of all users.
On Windows hosts the execution daemon runs as the local Administrator user so it can start jobs on behalf of users without knowing their password, but these jobs wouldn't have the permissions to access network resources. Only fully authenticated users can access network resources, and for a full authentication the users password is needed. Therefore all users who want to submit jobs to a Windows execution host have to register their password with N1GE. The execution daemon still needs to run as the local Administrator to have the permissions to do several administrative tasks. .
Users who want to start N1GE jobs on Windows execution hosts use the sgepasswd client application to register their Windows passwords with N1GE. The following example shows Peter who has a user account in the domain ENGINEERING. Because ENGINEERING is the principal domain of the Windows execution host CRUNCH, Peter does not need to register his password for a specific domain. This should be the default in any properly set up single domain environment. sgepasswd must be run on a non-Windows host.
> sgepasswd Changing password for Peter New password: Re-enter new password: Password changed |
Only in multiple domain environments it could be necessary to register the password explicitly for a specific domain.
sgepasswd modifies the Grid Engine password file (sgepasswd(5).) This file contains a list of usernames and their Windows passwords in encrypted form. You can use the sgepasswd to add a new entry for your user account or change your existing password. Additionally, the root user can change or delete the password entries for other user accounts. sgepasswd is only available on non-Windows hosts. It has the following syntax:
sgepasswd [[ -D domain ] -d user ] sgepasswd [ -D domain ] [ user ]
This command has these options:
-D domain |
By default sgepasswd adds or modifies the current UNIX username without a domain specification. You can use this switch to add a domain specification in front of the current user name. Consult your Microsoft Windows documentation to get more information about domain users. |
-d user |
Only root can use this parameter to delete entries from the sgepasswd(5) file. |
-help |
Prints a listing of all options. |
Additionally, The following environment variables affect the operation of this command.
SGE_CERTFILE |
Specifies the location of public key file. By default sgepasswd uses the file $SGE_ROOT/$SGE_CELL/common/sgeCA/certs/cert.pem |
SGE_KEYFILE |
If set, specifies the location of the private key file. The default file is /var/sgeCA/port${SGE_QMASTER_PORT}/$SGE_CELL/private/key.pem |
SGE_RANDFILE |
If set, specifies the location of the rand.seed file. The default file is /var/sgeCA/port${SGE_QMASTER_PORT}/$SGE_CELL/private/rand.seed. |