I may have missed it, but did you update your pam config for sshd? # grep slurm /etc/pam.d/sshd account required /lib64/security/pam_slurm.so
-k On Mar 6, 2013, at 7:48 AM, Marco Passerini <[email protected]> wrote: > > Hi, > > I'm configuring a new cluster, with the latest development version of > Slurm. I'd like to have PAM configured to normally prevent users from > logging into the compute nodes, and allow them to log into the nodes > only when they have a valid allocation. I tried to configure Slurm-PAM > but it didn't work. > > The computing nodes run CentOS 6.3, are configured in the following way: > > [root@c2 ~]# rpm -qa | grep slurm > slurm-devel-2.6.0-0pre1.el6.x86_64 > slurm-lua-2.6.0-0pre1.el6.x86_64 > slurm-sql-2.6.0-0pre1.el6.x86_64 > slurm-slurmdbd-2.4.3-1.el6.x86_64 > slurm-plugins-2.6.0-0pre1.el6.x86_64 > slurm-pam_slurm-2.6.0-0pre1.el6.x86_64 > slurm-munge-2.6.0-0pre1.el6.x86_64 > slurm-spank-x11-debuginfo-0.2.5-1.x86_64 > slurm-2.6.0-0pre1.el6.x86_64 > slurm-sjobexit-2.6.0-0pre1.el6.x86_64 > slurm-sjstat-2.6.0-0pre1.el6.x86_64 > slurm-perlapi-2.6.0-0pre1.el6.x86_64 > slurm-torque-2.6.0-0pre1.el6.x86_64 > slurm-spank-x11-0.2.5-1.x86_64 > > [root@c2 ~]# rpm -ql slurm-pam_slurm > /lib64/security/pam_slurm.so > > [root@c2 ~]# cat /etc/pam.d/slurm > auth required pam_localuser.so > account required pam_unix.so > session required pam_limits.so > > > [root@c2 ~]# cat /etc/pam.d/system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth sufficient pam_unix.so try_first_pass nullok > auth required pam_deny.so > > account required pam_unix.so broken_shadow > account required pam_slurm.so > > password requisite pam_cracklib.so try_first_pass retry=3 type= > password sufficient pam_unix.so try_first_pass use_authtok nullok > sha512 shadow > password required pam_deny.so > > session optional pam_keyinit.so revoke > session required pam_limits.so > session [success=1 default=ignore] pam_succeed_if.so service in > crond quiet use_uid > session required pam_unix.so > > > [root@c2 ~]# ls -lah /etc/pam.d/slurm > -rw-r--r-- 1 root root 101 Aug 8 2012 /etc/pam.d/slurm > > [root@c2 ~]# ls -lah /etc/pam.d/system-auth > -rw-r--r-- 1 root root 745 Aug 8 2012 /etc/pam.d/system-auth > > > [root@c2 ~]# cat /etc/slurm/slurm.conf | grep -i pam > UsePAM=1 > > [root@c2 ~]# cat /etc/slurm/slurm.conf | grep -i PropagateRes > PropagateResourceLimitsExcept=MEMLOCK,RLIMIT_AS,RLIMIT_CPU,RLIMIT_NPROC,RLIMIT_CORE,RLIMIT_DATA,RLIMIT_RSS,STACK > > There's a copy of my ssh-key in the .ssh/authorized_keys in my home folder. > > On the nodes there's my user identity in /etc/passwd and /etc/group, but > there's not shadow file. > > If I login with my account to a node I can enter with no problems and > /var/log/secure says the following: > > Mar 6 15:22:35 c2 sshd[64542]: Accepted publickey for myusername from > 10.10.0.13 port 54821 ssh2 > Mar 6 15:22:35 c2 sshd[64542]: pam_unix(sshd:session): session opened > for user myusername by (uid=0) > > So, how can I prevent normal users to enter into the nodes if there's no > allocation? Am I doing something wrong? > > Thanks in advance, > Marco
