[slurm-users] pam_slurm_adopt and memory constraints?

Sean Crosby scrosby at unimelb.edu.au
Wed Jul 17 23:16:10 UTC 2019 

Hi Andy,

We have RHEL7, and pam_slurm_adopt is working for us as well, with memory constraint working

pam.d/sshd:
#%PAM-1.0
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
# Ensure that users can only login if they have a job on the node
account    required     pam_slurm_adopt.so
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare

pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so

password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Sean

--
Sean Crosby
Senior DevOpsHPC Engineer and HPC Team Lead | Research Platform Services
Research Computing | CoEPP | School of Physics
University of Melbourne


On Wed, 17 Jul 2019 at 21:05, Andy Georges <andy.georges at ugent.be<mailto:andy.georges at ugent.be>> wrote:
Hi Mark, Chris,

On Mon, Jul 15, 2019 at 01:23:20PM -0400, Mark Hahn wrote:
> > Could it be a RHEL7 specific issue?
>
> no - centos7 systems here, and pam_adopt works.

Can you show what your /etc/pam.d/sshd looks like?


Kind regards,
-- Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schedmd.com/pipermail/slurm-users/attachments/20190717/d3036b23/attachment.htm>

More information about the slurm-users mailing list