pam_sge_authorize.8
NAME
pam_sge_authorize - PAM module to control access to SGE hosts
SYNOPSIS
pam_sge_authorize [options]
DESCRIPTION
This PAM module limits access via ssh(1) etc. to Grid Engine hosts only
to users who currently have a job running on the host. The expectation
is that this limits their impact on any other users of the host.
OPTIONS
execd_spool_dir=dir
Specify the spool directory in which to find the active_jobs
directory as dir/hostname/active_jobs. Default:
/opt/sge/default/spool.
bypass_users=user_list
The module ignores access by users with unames in the comma-
separated user_list. There is a limit of 30 users. root is always
allowed access.
max_sleep=max_sleep
A non-zero max_sleep allows desynchronization of accesses to the
spool directory. The module sleeps for a random period t, where
0<=t<=max_sleep microseconds before accessing the spool directory.
This probably isn't useful. Default: 0.
debug
Send debugging information to syslog.
active
Require an active job, i.e. a running shepherd on the host. This
can be used to enforce tight integration for distributed jobs, i.e.
direct access to other nodes of the job is prevented via SSH,
rather than qrsh -inherit.
EXAMPLE
On a typical GNU/Linux system, add something like the following to
/etc/pam.d/sshd, e.g. at the top.
account required /opt/sge/lib/lx-amd64/pam_sge_authorize.so \
bypass_users=foo,bar,baz,qux spool_dir=/opt/sge/execd_spool
On some systems it might be necessary to copy pam_sge_authorize.so
into, say, /lib/security, and instead use it as
auth required pam_sge_authorize.so
SEE ALSO
ssh(1), pam(7), pam.conf(4).
AUTHOR
TACC. Man page by Dave Love, based on material from Bill Barth, TACC.
2010-11-25 pam_sge_authorize(8)
Man(1) output converted with
man2html