[torqueusers] How to configure Torque with PAM right? (and cpuset also!)

Garrick Staples garrick at usc.edu
Thu Dec 30 22:09:35 MST 2010 

The pam_access module is probably letting them in. Have you done anything with /etc/security/access.conf?

On Dec 30, 2010, at 7:35 PM, Gus Correa wrote:

> Garrick Staples wrote:
>> On Mon, Dec 20, 2010 at 05:40:08PM -0500, Gus Correa alleged:
>>> Hi Garrick
>>> 
>>> Many thanks for your very clear explanations, as usual.
>>> 
>>> 1) I will use the new PAM libraries as you suggested.
>>> 
>>> **
>>> 
>>> 2) I know asking for better documentation isn't good etiquette,
>>> but since Santa Claus is coming to town, it may be worth trying.
>>> 
>>> The Torque Admin Manual, section 3.4 Host Security, only talks
>>> about the old pam_authuser:
>>> 
>>> http://www.clusterresources.com/torquedocs21/3.4hostsecurity.shtml
>>> 
>>> It would be great to have it updated, perhaps to a writeup
>>> extracted from your email, pointing to the new PAM,
>>> or explaining how to setup either the new or the old PAM.
>>> A few examples of pam config files for each version would be great also.
>>> 
>>> **
>> 
>> There are lots of ways to do this, this is one:
>> 
>>  for pamfile in /etc/pam.d/*;do
>>    echo "account    sufficient   pam_pbssimpleauth.so" >> $pamfile
>>  done
>>  for i in ftp login rlogin rsh sshd; do  
>>    echo "account    required     pam_access.so" >>/etc/pam.d/$i
>>  done
>> 
>> 
>> 
>> ------------------------------------------------------------------------
>> 
>> _______________________________________________
>> torqueusers mailing list
>> torqueusers at supercluster.org
>> http://www.supercluster.org/mailman/listinfo/torqueusers
> 
> Hi list and Garrick
> 
> I built Torque 2.4.11 with pam, and
> installed the mom, client, and pam packages in the compute nodes.
> The pam_pbssimpleauth.[so,a,la] are there in /lib64/security.
> 
> I also modified the files in /etc/pam.d according to
> the instructions you gave (see email above).
> 
> However, regular users continue to be able to ssh to compute nodes,
> whether they have jobs running or not.
> 
> Ssh has keys in /etc/ssh/ssh_known_hosts2.
> Standard password files.
> The cluster is CentOS-based.
> 
> What else should I do to make pam_pbssimpleauth work as expected?
> 
> The thread below mentions the file /etc/pam.d/system-auth-pbs, which
> doesn't exist in my /etc/pam.d:
> http://www.clusterresources.com/pipermail/torqueusers/2009-April/008942.html
> 
> Is this what I am missing?
> 
> Many thanks and Happy New Year.
> Gus Correa
> _______________________________________________
> torqueusers mailing list
> torqueusers at supercluster.org
> http://www.supercluster.org/mailman/listinfo/torqueusers

More information about the torqueusers mailing list