Users of TACC resources such as Stampede will soon need to use Multi-Factor Authentication (MFA) to use these resources, and this will negatively affect automated workflow schemes. Some solutions given by TACC staff are:
- use XSEDE certificates (gsissh), which won’t require MFA
- use ssh multiplexing, which requires MFA but only for the initial connection
From the staff at TACC MFA apparently comes as a requirement from NSF, and is likely to spread to the other XSEDE sites. This complicates things for Fireworks since both the file transfer FireTasks and the queue launchers rely on SSH via paramiko.
Are there any plans to address this, and should there be? In our own lab we’ll be working with the RADICAL folks to probably use SAGA as the access layer for file transfer and queue launching via gsissh, which won’t be subject to MFA for TACC resources. Does this sound like something that should make its way into core Fireworks?