[torqueusers] How to configure Torque with PAM right?
garrick at usc.edu
Mon Dec 20 12:34:06 MST 2010
On Mon, Dec 20, 2010 at 01:13:53AM -0500, Gustavo Correa alleged:
> Dear Torque experts
> I am trying to configure and install (and make it work)
> Torque 2.4.11 --with-pam on an x86_64 cluster.
> I am a bit confused. Please shed some light.
> 1) Configuring --with-pam seems to produce these libraries (also installed on the compute
> nodes via the torque-pam package, I suppose):
> However, if I do only this, when I submit jobs they sit forever on the queue and don't start.
> (Scheduling is enabled, server, scheduler are up in the head node,
> moms are up in the compute nodes, queue is enabled and started.)
pbs_simpleauth is for the compute nodes to allow users to login when they have
a job running on that node. See src/pam/README.pam.
It has nothing to with the server or scheduling.
> 2) By contrast, the documentation speaks about another package:
> pam_authuser (in the contrib directory),
> and gives instructions on how to build it (via make+make install).
This is an older PAM module that does nearly the same thing in a different way.
It requires that the prologue/epilogue scripts manage a list of usernames in
> Make produces another library: pam_authuser.so,
> which the Makefile wants to install in /lib/security (NOT in /lib64/security).
> I didn't do make install, because I expected the library to go to /lib64/security,
> since my cluster is x86_64.
> Right or wrong?
Correct. 64bit PAM libs should go into /lib64/security. Since pam_authuser is
outside of the torque distribution, it doesn't benefit from torque's autoconf
stuff. It was written before 64bit distros were common.
> The Torque user's guide and the README files have further instructions to install pam_authuser on the compute nodes, edit PAM security files, etc.
> However, I stopped short of following procedure 2) all the way,
> because I was not sure if it would complement of conflict with procedure 1), or what else.
Do not use both PAM modules because they do the same thing. Obviously, I
recommend the newer PAM module that is included in the torque distrobution.
> Are the two approaches above complementary, independent, or conflicting?
> Should I use 1) only, 2) only, or 1) + 2) ?
1 or 2. Up to you.
> How do I make Torque work with PAM, and the jobs run, instead of sitting forever in
> the queue?
That's 2 questions. Jobs running has nothing to do with torque's pam support.
Garrick Staples, GNU/Linux HPCC SysAdmin
University of Southern California
Life is Good!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20101220/f87538c8/attachment.bin
More information about the torqueusers