计算机科学与探索 ›› 2023, Vol. 17 ›› Issue (7): 1700-1707.DOI: 10.3778/j.issn.1673-9418.2202037

• 网络·安全 • 上一篇    下一篇

高性能计算环境多源用户认证方法研究与实现

和荣,肖海力,王小宁,迟学斌   

  1. 1. 中国科学院 计算机网络信息中心,北京 100083
    2. 中国科学院大学,北京 100049
  • 出版日期:2023-07-01 发布日期:2023-07-01

Research and Implementation of Multi-source Account Authentication for High-Performance Computing Environment

HE Rong, XIAO Haili, WANG Xiaoning, CHI Xuebin   

  1. 1. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100083, China
    2. University of Chinese Academy of Sciences, Beijing 100049, China
  • Online:2023-07-01 Published:2023-07-01

摘要: 高性能计算(HPC)环境屏蔽了作业管理系统、接入方式、管理制度等方面的异构性,为科研人员提供了具有统一访问入口、统一使用方法和用户技术支持的高水平高性能计算应用服务。随着环境的发展,接入的超算中心以及应用社区和业务平台越来越多,希望超算中心以及社区和业务平台用户能够以原有账号登录高性能计算环境使用资源。现有的高性能计算环境仅支持通过LDAP认证的网格账号登录,应用社区和业务平台都有自己的用户且认证方式各不相同。为使环境提供一个统一的认证中心,研究了多源用户认证技术并开发实现了多源用户认证与授权系统。目前,高性能计算环境的认证中心已支持部分超算中心集群账号。“高性能计算”专项中的各大社区和业务平台通过多源用户认证技术也实现了与国家高性能计算环境的对接,且对接后社区和平台用户与环境网格用户可互登录并使用相关资源。

关键词: 高性能计算(HPC), 多源用户认证, 安全, 超算中心

Abstract: High-performance computing (HPC) environment provides researchers with high level high-performance computing application services with unified access entrance, unified use method and user technical support through shielding the heterogeneity of job management system, access mode, management system and so on. With the development of the environment, more and more supercomputing centers, application communities, and service platforms are connected. Accounts of the supercomputing centers, communities, and service platforms are required to log in to the HPC environment using their original ways. The existing high-performance computing environment supports only grid accounts authenticated by LDAP (lightweight directory access protocol). Application communities and service platforms have their own users and different authentication modes. In order to provide a unified authentication center for the environment, this paper studies the multi-source account authentication technology and develops the multi-source user authentication system. At present, the HPC environment has supported multiple super computing centers. The major communities and platforms in the “high-performance computing” special project also have realized the connection with the national HPC environment through the multi-source account authentication technology. After the connection, accounts of the communities and platforms can log in with the environment grid accounts, at the same time use relevant resources.

Key words: high-performance computing (HPC), multi-source account authentication, security, supercomputing center