[torquedev] TORQUE PAM

Joshua Bernstein jbernstein at penguincomputing.com
Wed Aug 18 14:34:13 MDT 2010



Glen Beane wrote:
> On Wed, Aug 18, 2010 at 8:41 AM, Ken Nielson 
> <knielson at adaptivecomputing.com> wrote:
>> I see that the PAM module for TORQUE is used to control access to
>> compute nodes (the MOMs). A user must be root or have a running job
>> in order to gain access to the node.
>> 
>> What about the server? Are there other ways to authenticate users
>> without using the rsh (ruserok in particular) on pbs_server? Is
>> making pbs_server PAM aware something worth doing to allow users
>> flexibility in setting up authentication?

I don't see a real reason to make the server PAM aware. If pbs_server 
runs on a master node, that also serves as a login node, then users have 
to be able to login to submit jobs anyway. Thats handled through NSS. If 
pbs_server runs on a management node, then users can't login there 
generally because of NSS.

In Scyld, since the compute nodes by default, can't be logged into the 
PAM functionality isn't required.

> Josh from Penguin Computing has a patch to get rid of ruserok, but 
> discussion of it kind of died off  - last I knew there were some 
> questions if it broke the qsub -u functionality.

We have a patch we've been using for a long time that seems to play 
better with NSS (read: LDAP, NIS, AD etc). Its against the 2.3.10 branch 
though. I'm not sure it it breaks the -u option to qsub, but I haven't 
also come across a use for -u either.

-Josh


More information about the torquedev mailing list