[torquedev] new PAM module pam_pbssimpleauth.so

Garrick Staples garrick at clusterresources.com
Fri Jul 7 17:12:32 MDT 2006


Greetings, I'm happy to announce a new PAM module to authorize logins
on nodes for users that have running jobs.  This replaces the common
practice of using pro/epilogs to maintain /etc/authuser or
/etc/security/access.conf.

When a user ssh's to a node, this module will check the .JB files in
$PBS_SERVER_HOME/mom_priv/jobs/ for a matching uid and that the job is
running.

The code is in a seperate branch until it sees more testing:
  svn://www.clusterresources.com/torque/branches/pam

Note: I found that in some cases of job exiting, pbs_mom wasn't syncing the
"exiting" state of the job back to disk.  This was allowing user logins
during the epilogue and possibly leaving stale processes on the node.
The branch includes a few fixes to pbs_mom to correct this issue.

Run configure with --with-pam=DIR where DIR is the full path to the
directory that holds PAM modules on your system.  On Linux, it defaults
to /lib(64)/security.  I haven't done any builds or testing on anything
other than RHEL3, so non-Linux doesn't have a default (yet).

There is a simple README in src/pam/

AFAIK, Solaris, OSX, and HP-UX are the only other systems that use PAM.
Perhaps gurus of those systems can help me there?  Building and run-time
need to be verified, and I need help figuring out the correct install
directory.



More information about the torquedev mailing list