[torquedev] TORQUE PAM
jbernstein at penguincomputing.com
Wed Aug 18 14:34:13 MDT 2010
Glen Beane wrote:
> On Wed, Aug 18, 2010 at 8:41 AM, Ken Nielson
> <knielson at adaptivecomputing.com> wrote:
>> I see that the PAM module for TORQUE is used to control access to
>> compute nodes (the MOMs). A user must be root or have a running job
>> in order to gain access to the node.
>> What about the server? Are there other ways to authenticate users
>> without using the rsh (ruserok in particular) on pbs_server? Is
>> making pbs_server PAM aware something worth doing to allow users
>> flexibility in setting up authentication?
I don't see a real reason to make the server PAM aware. If pbs_server
runs on a master node, that also serves as a login node, then users have
to be able to login to submit jobs anyway. Thats handled through NSS. If
pbs_server runs on a management node, then users can't login there
generally because of NSS.
In Scyld, since the compute nodes by default, can't be logged into the
PAM functionality isn't required.
> Josh from Penguin Computing has a patch to get rid of ruserok, but
> discussion of it kind of died off - last I knew there were some
> questions if it broke the qsub -u functionality.
We have a patch we've been using for a long time that seems to play
better with NSS (read: LDAP, NIS, AD etc). Its against the 2.3.10 branch
though. I'm not sure it it breaks the -u option to qsub, but I haven't
also come across a use for -u either.
More information about the torquedev