@SeanMurray_59b6 had an interesting question :
Can one use ORCID to authenticate users of HPC clusters ?
At first glance the answer seems "yes, but with difficulty", so I wanted to start a conversation on this.
If I understand correctly, what is needed is a plugin to OpenSSH to allow authorisation via the ORCID profile. So, the user name would be your ORCID id or something linked to that and your password would be your ORCID password or the token if you're using 2FA. However, I don't know if there is a PAM plugin to make these calls for the open ssh server.
I thought then of having Perun manage the endpoint where people are trying to log in, and merging their other identities with their ORCID. A quick mail to then Perun guys gave us this response :
Yep, it is possible, if you setup authentication using ORCID on the Apache web server which is in front of Perun, then Perun will receive ORCID identifier which can be then propagated to the end services - to do the authZ.
... but this is to access the Perun frontend (afaics). Logging into Perun using ORCID is great, but what we want is for users to actually access the remote HPC user interface using ORCID credentials.