Hi all,

I have a standard grid engine cluster (sge-8.1.8 tarball from Dave Love's site) where users use qlogin to get interactive shells on compute nodes, and we use a qlogin wrapper script to enable X11 forwarding, by using sshd instead of the builtin qlogin_daemon.

Next, we'd like to limit SSH access to the compute nodes, except if a user has a job running there. Right now, users can SSH to any node and some are starting to abuse this.

However, adding pam_sge_authorize to the sshd PAM stack breaks my qlogin wrapper, as it doesn't let the user ssh in for the qlogin job.

Does anyone have something like this working? Maybe I'm missing something simple.

https://arc.liv.ac.uk/SGE/htmlman/htmlman8/pam_sge_authorize.html

https://arc.liv.ac.uk/trac/SGE/browser/sge/source/3rdparty/tacc_pam_sge/pam_sge_authorize.c?rev=4811

I also don't quite understand what
https://arc.liv.ac.uk/SGE/htmlman/htmlman8/pam_sge-qrsh-setup.html
is for, no matter how many times I re-read those man pages. Do I need both pam_sge-qrsh-setup and pam_sge_authorize?

Regards,
--
Alex Chekholko [email protected]

_______________________________________________
users mailing list
[email protected]
https://gridengine.org/mailman/listinfo/users
