[torqueusers] How to configure Torque with PAM right?

Garrick Staples garrick at usc.edu
Mon Dec 20 12:34:06 MST 2010

On Mon, Dec 20, 2010 at 01:13:53AM -0500, Gustavo Correa alleged:
> Dear Torque experts
> I am trying to configure and install  (and make it work) 
> Torque 2.4.11 --with-pam on an x86_64 cluster.
> I am a bit confused.  Please shed some light.
> 1) Configuring --with-pam seems to produce these libraries (also installed on the compute
> nodes via the torque-pam package, I suppose):
> /lib64/security/pam_pbssimpleauth.a
> /lib64/security/pam_pbssimpleauth.la
> /lib64/security/pam_pbssimpleauth.so
> However, if I do only this, when I submit jobs they sit forever on the queue and don't start.
> (Scheduling is enabled, server, scheduler are up in the head node, 
> moms are up in the compute nodes, queue is enabled and started.)

pbs_simpleauth is for the compute nodes to allow users to login when they have
a job running on that node. See src/pam/README.pam.

It has nothing to with the server or scheduling.

> 2) By contrast, the documentation speaks about another package: 
> pam_authuser (in the contrib directory),
> and gives instructions on how to build it (via make+make install).

This is an older PAM module that does nearly the same thing in a different way.
It requires that the prologue/epilogue scripts manage a list of usernames in

> Make produces another library:  pam_authuser.so,
> which the Makefile wants to install in /lib/security (NOT in /lib64/security).
> I didn't do make install, because I expected the library to go to /lib64/security,
> since my cluster is x86_64.
> Right or wrong?

Correct. 64bit PAM libs should go into /lib64/security. Since pam_authuser is
outside of the torque distribution, it doesn't benefit from torque's autoconf
stuff. It was written before 64bit distros were common.

> The Torque user's guide and the README files have  further instructions to install pam_authuser on the compute nodes, edit PAM security files, etc.
> However, I stopped short of following procedure 2) all the way, 
> because I was not sure if it would complement of conflict with procedure 1), or what else.

Do not use both PAM modules because they do the same thing. Obviously, I
recommend the newer PAM module that is included in the torque distrobution.

> Questions:
> Are the two approaches above complementary, independent, or conflicting?


> Should I use 1) only,  2) only,  or 1) + 2) ?

1 or 2. Up to you.

> How do I make Torque work with PAM, and the jobs run, instead of sitting forever in
> the queue?

That's 2 questions. Jobs running has nothing to do with torque's pam support.

Garrick Staples, GNU/Linux HPCC SysAdmin
University of Southern California

Life is Good!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://www.supercluster.org/pipermail/torqueusers/attachments/20101220/f87538c8/attachment.bin 

More information about the torqueusers mailing list