pam_sge_authorize (8) - Linux Man Pages
pam_sge_authorize: PAM module to control access to SGE hosts
pam_sge_authorize - PAM module to control access to SGE hosts
DESCRIPTIONThis PAM module limits access via etc. to xxQS_NAMExx hosts only to users who currently have a job running on the host. The expectation is that this limits their impact on any other users of the host.
- Specify the spool directory in which to find the active_jobs directory as dir/hostname/active_jobs. Default: /opt/sge/default/spool.
- The module ignores access by users with unames in the comma-separated user_list. There is a limit of 30 users. root is always allowed access.
- A non-zero max_sleep allows desynchronization of accesses to the spool directory. The module sleeps for a random period t, where 0<=t<=max_sleep microseconds before accessing the spool directory. This probably isn't useful. Default: 0.
- Send debugging information to syslog.
- Require an active job, i.e. a running shepherd on the host. This can be used to enforce tight integration for distributed jobs, i.e. direct access to other nodes of the job is prevented via SSH, rather than qrsh -inherit.
EXAMPLEOn a typical GNU/Linux system, add something like the following to /etc/pam.d/sshd, e.g. at the top.
account required /opt/sge/lib/lx-amd64/pam_sge_authorize.so \ bypass_users=foo,bar,baz,qux spool_dir=/opt/sge/execd_spool
auth required pam_sge_authorize.so
AUTHORTACC. Man page by Dave Love, based on material from Bill Barth, TACC.