Dear Leith,
The following procedure works on CentOS 6.4 with gcc 4.4.7. I performed
the following steps to configure pam_slurm in order to allow ssh
connection on the computing nodes. Connection is ONLY allowed for users
having active jobs on the node, otherwise access is denied.
1. First of all, build SLURM:
$ ./configure --prefix=/opt/software/slurm/2.6.1 --localstatedir=/var
--enable-pam --with-pam_dir=/lib64/security
--with-munge=/opt/software/munge/0.5.10
$ make
$ make install
2. Then, build PAM module pam_slurm.so:
$ make contrib
$ ls contribs/pam/.libs/ -al
total 104
drwxr-xr-x 2 philippe_root admin 4096 Sep 26 17:36 .
drwxr-xr-x 4 philippe_root admin 4096 Sep 26 17:36 ..
-rw-r--r-- 1 philippe_root admin 32374 Sep 26 17:36 pam_slurm.a
lrwxrwxrwx 1 philippe_root admin 15 Sep 26 17:36 pam_slurm.la ->
../pam_slurm.la
-rw-r--r-- 1 philippe_root admin 1034 Sep 26 17:36 pam_slurm.lai
-rw-r--r-- 1 philippe_root admin 32176 Sep 26 17:36 pam_slurm.o
-rwxr-xr-x 1 philippe_root admin 26499 Sep 26 17:36 pam_slurm.so
3. As root perform the following steps:
- copy pam_slurm.so in /lib64/security directory
# cp pam_slurm.so /lib64/security/
- then edit /etc/pam.d/sshd
#%PAM-1.0
auth required pam_sepermit.so
auth include password-auth
####################################
account required pam_slurm.so
####################################
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed
in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
4. Then give it a try:
$ squeue
JOBID PARTITION NAME USER ST TIME NODES
NODELIST(REASON)
...
$ ssh node-05-05
Access denied: user philippe (uid=555) has no active jobs.
Connection closed by 10.0.0.34
$ squeue
JOBID PARTITION NAME USER ST TIME NODES
NODELIST(REASON)
...
1748 debug job_open philippe R 0:05 1 node-05-05
$ ssh node-05-05
Last login: Thu Sep 26 18:06:28 2013 from cluster
[philippe@node-05-05 ~]$
Hope this helps,
Philippe Dos Santos
Le 13/11/2013 19:01, Michael Gutteridge a écrit :
Re: [slurm-dev] How to build and install the pam_slurm module
PAM support isn't enabled by default- you need "--enable-pam" in your
configure options.
HTH
On Wed, Nov 13, 2013 at 2:21 AM, Leith Bade <[email protected]
<mailto:[email protected]>> wrote:
Hi,
I am having trouble figuring out how to get pam_slurm built.
If I run make in the contribs/pam directory it just says there was
nothing to do.
How do I get it to build? It does not appear in /opt/slurm/lib
after make install.
Also I use –prefix=/opt/slurm –enable-debug with ./configure
Thanks,
Leith Bade
[email protected] <mailto:[email protected]>
--
Hey! Somebody punched the foley guy!
- Crow, MST3K ep. 508
--
======================================================
Philippe Dos Santos
Fédération de recherche LUmière MATière (FR LUMAT)
Bât. 210 Université Paris XI
91405 Orsay Cédex- France
Tel: 01 69 15 82 55 (from abroad ++ 33 1 69 15 82 55)
======================================================
