[torqueusers] How to configure Torque with PAM right? (and cpuset also!)
gus at ldeo.columbia.edu
Thu Dec 30 20:35:03 MST 2010
Garrick Staples wrote:
> On Mon, Dec 20, 2010 at 05:40:08PM -0500, Gus Correa alleged:
>> Hi Garrick
>> Many thanks for your very clear explanations, as usual.
>> 1) I will use the new PAM libraries as you suggested.
>> 2) I know asking for better documentation isn't good etiquette,
>> but since Santa Claus is coming to town, it may be worth trying.
>> The Torque Admin Manual, section 3.4 Host Security, only talks
>> about the old pam_authuser:
>> It would be great to have it updated, perhaps to a writeup
>> extracted from your email, pointing to the new PAM,
>> or explaining how to setup either the new or the old PAM.
>> A few examples of pam config files for each version would be great also.
> There are lots of ways to do this, this is one:
> for pamfile in /etc/pam.d/*;do
> echo "account sufficient pam_pbssimpleauth.so" >> $pamfile
> for i in ftp login rlogin rsh sshd; do
> echo "account required pam_access.so" >>/etc/pam.d/$i
> torqueusers mailing list
> torqueusers at supercluster.org
Hi list and Garrick
I built Torque 2.4.11 with pam, and
installed the mom, client, and pam packages in the compute nodes.
The pam_pbssimpleauth.[so,a,la] are there in /lib64/security.
I also modified the files in /etc/pam.d according to
the instructions you gave (see email above).
However, regular users continue to be able to ssh to compute nodes,
whether they have jobs running or not.
Ssh has keys in /etc/ssh/ssh_known_hosts2.
Standard password files.
The cluster is CentOS-based.
What else should I do to make pam_pbssimpleauth work as expected?
The thread below mentions the file /etc/pam.d/system-auth-pbs, which
doesn't exist in my /etc/pam.d:
Is this what I am missing?
Many thanks and Happy New Year.
More information about the torqueusers