AWS Security ChangesHomeSearch

AWS parallelcluster medium security documentation change

Service: parallelcluster · 2026-02-25 · Security-related medium

File: parallelcluster/latest/ug/tutorials_05_multi-user-ad-step3.md

Summary

Added documentation requiring LDAP TLS CA certificates to be accessible to all cluster nodes for proper user resolution.

Security assessment

Explicitly states that inaccessible certificates break user resolution, preventing authentication. This addresses a security misconfiguration risk where nodes might fail to authenticate users if certificates are unavailable, potentially causing unauthorized access or system failure.

Diff

diff --git a/parallelcluster/latest/ug/tutorials_05_multi-user-ad-step3.md b/parallelcluster/latest/ug/tutorials_05_multi-user-ad-step3.md
index aff43d3b5..6a37de905 100644
--- a//parallelcluster/latest/ug/tutorials_05_multi-user-ad-step3.md
+++ b//parallelcluster/latest/ug/tutorials_05_multi-user-ad-step3.md
@@ -41,0 +42,11 @@ For better security posture, we suggest to use the `HeadNode` / `Ssh` / `Allowed
+Notice that the certificate specified in `LdapTlsCaCert` must be accessible to all cluster nodes.
+
+###### Hard Requirements
+
+  * The certificate specified in `LdapTlsCaCert` must be accessible to all cluster nodes.
+
+A node without access to the certificate will not be able to resolve users from the directory.
+
+
+
+