[torqueusers] How to configure Torque with PAM right? (and cpuset also!)

Gus Correa gus at ldeo.columbia.edu
Thu Dec 30 20:35:03 MST 2010


Garrick Staples wrote:
> On Mon, Dec 20, 2010 at 05:40:08PM -0500, Gus Correa alleged:
>> Hi Garrick
>>
>> Many thanks for your very clear explanations, as usual.
>>
>> 1) I will use the new PAM libraries as you suggested.
>>
>> **
>>
>> 2) I know asking for better documentation isn't good etiquette,
>> but since Santa Claus is coming to town, it may be worth trying.
>>
>> The Torque Admin Manual, section 3.4 Host Security, only talks
>> about the old pam_authuser:
>>
>> http://www.clusterresources.com/torquedocs21/3.4hostsecurity.shtml
>>
>> It would be great to have it updated, perhaps to a writeup
>> extracted from your email, pointing to the new PAM,
>> or explaining how to set up either the new or the old PAM.
>> A few examples of pam config files for each version would be great also.
>>
>> **
> 
> There are lots of ways to do this; this is one:
> 
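>   # Append the Torque account check to every PAM service file.
>   for pamfile in /etc/pam.d/*; do
>     echo "account    sufficient   pam_pbssimpleauth.so" >> "$pamfile"
>   done
>   # Append pam_access to the account stack of the login services.
>   for i in ftp login rlogin rsh sshd; do
>     echo "account    required     pam_access.so" >> "/etc/pam.d/$i"
>   done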
> 

Hi list and Garrick

I built Torque 2.4.11 with pam, and
installed the mom, client, and pam packages in the compute nodes.
The pam_pbssimpleauth.[so,a,la] are there in /lib64/security.

I also modified the files in /etc/pam.d according to
the instructions you gave (see email above).

However, regular users continue to be able to ssh to compute nodes,
whether they have jobs running or not.

Ssh has keys in /etc/ssh/ssh_known_hosts2.
Standard password files.
The cluster is CentOS-based.

What else should I do to make pam_pbssimpleauth work as expected?

The thread below mentions the file /etc/pam.d/system-auth-pbs, which
doesn't exist in my /etc/pam.d:
http://www.clusterresources.com/pipermail/torqueusers/2009-April/008942.html

Is this what I am missing?

Many thanks and Happy New Year.
Gus Correa
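
An added example, not part of the original thread or of Torque: a small shell check of the `account` stack that the quoted loops produce, reporting whether `pam_pbssimpleauth.so` (sufficient) is evaluated before `pam_access.so` (required) in one service file. The function name `check_account_stack` and its verdict words are hypothetical; the check does not follow `include` lines and does not read the `pam_access` rules in `/etc/security/access.conf`.

```shell
#!/bin/sh
# check_account_stack FILE
# Prints one verdict for the "account" stack of a PAM service file:
#   ok           pam_pbssimpleauth.so (sufficient) precedes pam_access.so (required)
#   no-pbs       no "account sufficient pam_pbssimpleauth.so" line
#   no-access    no "account required pam_access.so" line after it to deny anyone
#   wrong-order  pam_access.so runs first; a required failure there is not
#                overridden by a later sufficient success
check_account_stack() {
    awk '
        $1 != "account" { next }   # skips comments and the auth/session/password stacks
        {
            n++                    # position within the account stack
            if ($2 == "sufficient" && $3 ~ /pam_pbssimpleauth\.so$/ && !pbs) pbs = n
            if ($2 == "required"   && $3 ~ /pam_access\.so$/        && !acc) acc = n
        }
        END {
            if (!pbs)           print "no-pbs"
            else if (!acc)      print "no-access"
            else if (acc < pbs) print "wrong-order"
            else                print "ok"
        }
    ' "$1"
}

# Constructed sample: an sshd service file after both appends from the
# quoted loops (the first four lines are an assumed distribution default).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
account    sufficient   pam_pbssimpleauth.so
account    required     pam_access.so
EOF
echo "sshd sample: $(check_account_stack "$sample")"
rm -f "$sample"
```

On a node, run it as `check_account_stack /etc/pam.d/sshd`. An `ok` verdict only confirms the two lines and their order in that file.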

