- Community Home
- >
- Servers and Operating Systems
- >
- Server Clustering
- >
- Re: CMU_PAM_AUTH
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-18-2011 11:33 AM
10-18-2011 11:33 AM
CMU_PAM_AUTH
Is it possible to re-enable CMU_PAM_AUTH? The notes in cmuserver.conf (default install) say that it only works in RHEL4 32 bit.
Our admins log onto our cluster's via SSH using libpam-krb5 and authenticate off of our Active Directory which has strong password features. Rather than enabling shadow passwords for these accounts, we'd like all authentication to be done on accounts which inherit our central password policy. PAM integration is fairly easy and standard. I'm not entirely sure why this fairly standard and necessary feature seems to have been dropped since RHEL 4.
Thanks for any assistance,
Rohit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2011 09:37 AM
11-16-2011 09:37 AM
Re: CMU_PAM_AUTH
There used to be a similar PAM_AUTH module to prevent users from ssh'ing to a compute node unless they had first acquired it via a bsub session. When we dropped SLURM from LSF that went away also. Would be great to have that functionality back.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2012 11:06 AM
02-20-2012 11:06 AM
Re: CMU_PAM_AUTH
Hi Dennis,
Sorry for the late response.
The PAM authentication that you are referring to comes with SLURM, and is called "pam_slurm". It's a Pluggable Authentication Module (PAM) that you configure in the /etc/pam.d/system-auth file on RHEL that checks if the local node has been allocated to the user in SLURM before allowing ssh access.
The XC Support team developed a similar module for standard LSF, and our internal benchmark team still uses it for controlling access to compute nodes. Let me see if I can dig that up and make it available here.
Regards,
--Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2012 11:22 AM
02-20-2012 11:22 AM
Re: CMU_PAM_AUTH
Hello,
Sorry for the delay in responding to this post.
CMU_PAM_AUTH in the cmuserver.conf file is referring to a technique where the GUI can log into Admin Mode automatically using standard PAM mechanisms, without the user providing a root password. This has nothing to do with controlling user access to the cluster nodes. Customers can configure any authentication method that they would like for controlling user access to the compute nodes. The only requirement from CMU is that the root account can ssh between the nodes in the cluster without a password, and CMU accomplishes this by default by configuring consistent ssh keys on all nodes.
CMU_PAM_AUTH was deprecated because it required a complete redesign to adapt to any OS distribution (the original implementation was designed to work on RHEL 4 only) and continual maintainence to ensure that it worked on the latest OS distributions. The CMU team felt that this was a lot of work for a trivial feature, and that the work could be better spent on more useful features.
Regards,
--Chris