[torqueusers] How to configure Torque with PAM right? (and cpuset also!)
garrick at usc.edu
Thu Dec 30 22:09:35 MST 2010
The pam_access module is probably letting them in. Have you done anything with /etc/security/access.conf?
On Dec 30, 2010, at 7:35 PM, Gus Correa wrote:
> Garrick Staples wrote:
>> On Mon, Dec 20, 2010 at 05:40:08PM -0500, Gus Correa alleged:
>>> Hi Garrick
>>> Many thanks for your very clear explanations, as usual.
>>> 1) I will use the new PAM libraries as you suggested.
>>> 2) I know asking for better documentation isn't good etiquette,
>>> but since Santa Claus is coming to town, it may be worth trying.
>>> The Torque Admin Manual, section 3.4 Host Security, only talks
>>> about the old pam_authuser:
>>> It would be great to have it updated, perhaps to a writeup
>>> extracted from your email, pointing to the new PAM,
>>> or explaining how to set up either the new or the old PAM.
>>> A few examples of pam config files for each version would be great also.
>> There are lots of ways to do this, this is one:
>> for pamfile in /etc/pam.d/*; do
>>   echo "account sufficient pam_pbssimpleauth.so" >> "$pamfile"
>> done
>> for i in ftp login rlogin rsh sshd; do
>>   echo "account required pam_access.so" >> "/etc/pam.d/$i"
>> done
>> torqueusers mailing list
>> torqueusers at supercluster.org
> Hi list and Garrick
> I built Torque 2.4.11 with pam, and
> installed the mom, client, and pam packages in the compute nodes.
> The pam_pbssimpleauth.[so,a,la] are there in /lib64/security.
> I also modified the files in /etc/pam.d according to
> the instructions you gave (see email above).
> However, regular users continue to be able to ssh to compute nodes,
> whether they have jobs running or not.
> Ssh has keys in /etc/ssh/ssh_known_hosts2.
> Standard password files.
> The cluster is CentOS-based.
> What else should I do to make pam_pbssimpleauth work as expected?
> The thread below mentions the file /etc/pam.d/system-auth-pbs, which
> doesn't exist in my /etc/pam.d:
> Is this what I am missing?
> Many thanks and Happy New Year.
> Gus Correa
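A check for the condition asked about at the top of this message, as an added example that is not part of the original thread or of Torque. A failed `sufficient` module is ignored, and pam_access grants access when no rule in access.conf matches, so with only commented-out rules every user passes the account stack. The function names, verdict strings and sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit one PAM service file plus access.conf for the setup in this thread.

# Print the module of each active "account" line, in stack order.
account_modules() {
    awk '$1 == "account" {
        for (i = 3; i <= NF; i++)
            if ($i ~ /\.so$/) { n = split($i, p, "/"); print p[n]; break }
    }' "$1"
}

# Succeed if access.conf has at least one active deny ("-:") rule.
has_deny_rule() {
    grep -Eq '^[[:space:]]*-[[:space:]]*:' "$1"
}

# $1 = PAM service file (e.g. /etc/pam.d/sshd), $2 = access.conf
audit_node_login() {
    mods=$(account_modules "$1")
    pbs=$(printf '%s\n' "$mods" | grep -n -F -x 'pam_pbssimpleauth.so' | head -n 1 | cut -d: -f1)
    acc=$(printf '%s\n' "$mods" | grep -n -F -x 'pam_access.so' | head -n 1 | cut -d: -f1)
    if [ -z "$pbs" ]; then
        echo "no-pbssimpleauth"        # job owners are never let in early
    elif [ -z "$acc" ]; then
        echo "no-pam_access"           # nothing after the sufficient line denies
    elif [ "$pbs" -gt "$acc" ]; then
        echo "wrong-order"             # required pam_access runs before the job check
    elif ! has_deny_rule "$2"; then
        echo "access-conf-allows-all"  # pam_access has no rule that denies anyone
    else
        echo "ok"
    fi
}

# Constructed sample files; nothing on the real system is read or changed.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'account required pam_unix.so' \
        'account sufficient pam_pbssimpleauth.so' \
        'account required pam_access.so' > "$d/sshd"
    printf '%s\n' '# -:ALL EXCEPT root:ALL' > "$d/access.default"
    printf '%s\n' '-:ALL EXCEPT root:ALL' > "$d/access.locked"
    audit_node_login "$d/sshd" "$d/access.default"
    audit_node_login "$d/sshd" "$d/access.locked"
    rm -rf "$d"
}
demo
```

On a compute node the real call would be `audit_node_login /etc/pam.d/sshd /etc/security/access.conf`; the check reads only the named file and does not follow `include` lines.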