Users of TACC resources such as Stampede will soon need to use Multi-Factor Authentication (MFA) to use these resources, and this will negatively affect automated workflow schemes. Some solutions given by TACC staff are:
use XSEDE certificates (gsissh), which won’t require MFA
use ssh multiplexing, which requires MFA but only for the initial connection
From the staff at TACC MFA apparently comes as a requirement from NSF, and is likely to spread to the other XSEDE sites. This complicates things for Fireworks since both the file transfer FireTasks and the queue launchers rely on SSH via paramiko.
Are there any plans to address this, and should there be? In our own lab we’ll be working with the RADICAL folks to probably use SAGA as the access layer for file transfer and queue launching via gsissh, which won’t be subject to MFA for TACC resources. Does this sound like something that should make its way into core Fireworks?
Unfortunately there are really no plans forward to address this. Basically due to the unfunded status of FWS development, the only things going on are (i) I add features if they are needed for my research, (ii) I try my best to address bugs and problems in the software if people report them, and (iii) I merge new features other people are willing to contribute. So I think for this to really get resolved, either I would need to run into this problem myself or someone else would need to contribute a patch. Because I tend not to use remote qlaunch, nor do I transfer files using the rtransfer options, it would likely need to be the latter. Sorry -
Best,
Anubhav
···
On Thursday, August 25, 2016 at 12:46:55 PM UTC-7, David Dotson wrote:
Hey all,
Users of TACC resources such as Stampede will soon need to use Multi-Factor Authentication (MFA) to use these resources, and this will negatively affect automated workflow schemes. Some solutions given by TACC staff are:
use XSEDE certificates (gsissh), which won’t require MFA
use ssh multiplexing, which requires MFA but only for the initial connection
From the staff at TACC MFA apparently comes as a requirement from NSF, and is likely to spread to the other XSEDE sites. This complicates things for Fireworks since both the file transfer FireTasks and the queue launchers rely on SSH via paramiko.
Are there any plans to address this, and should there be? In our own lab we’ll be working with the RADICAL folks to probably use SAGA as the access layer for file transfer and queue launching via gsissh, which won’t be subject to MFA for TACC resources. Does this sound like something that should make its way into core Fireworks?