[slurm-users] pam_slurm_adopt not working for all users
Juergen Salk
juergen.salk at uni-ulm.de
Fri May 21 15:35:00 UTC 2021
Hi Loris,
this depends largely on whether host-based authentication is
configured (which does not seem to be the case for you) and also on
how exactly the PAM stack for sshd looks like in /etc/pam.d/sshd.
As the rules are worked through in the order they appear in
/etc/pam.d/sshd, pam_slurm_adopt cannot bypass the rules that are
placed further up the PAM stack and that are responsible for
regular authentication such as password or public key
authentication.
Best regards
Jürgen
--
Jürgen Salk
Scientific Software & Compute Services (SSCS)
Kommunikations- und Informationszentrum (kiz)
Universität Ulm
Telefon: +49 (0)731 50-22478
Telefax: +49 (0)731 50-22471
* Loris Bennett <loris.bennett at fu-berlin.de> [210521 14:53]:
> Hi,
>
> We have set up pam_slurm_adopt using the official Slurm documentation
> and Ole's information on the subject. It works for a user who has SSH
> keys set up, albeit the passphrase is needed:
>
> $ salloc --partition=gpu --gres=gpu:1 --qos=hiprio --ntasks=1 --time=00:30:00 --mem=100
> salloc: Granted job allocation 7202461
> salloc: Waiting for resource configuration
> salloc: Nodes g003 are ready for job
>
> $ ssh g003
> Warning: Permanently added 'g003' (ECDSA) to the list of known hosts.
> Enter passphrase for key '/home/loris/.ssh/id_rsa':
> Last login: Wed May 5 08:50:00 2021 from login.curta.zedat.fu-berlin.de
>
> $ ssh g004
> Warning: Permanently added 'g004' (ECDSA) to the list of known hosts.
> Enter passphrase for key '/home/loris/.ssh/id_rsa':
> Access denied: user loris (uid=182317) has no active jobs on this node.
> Access denied by pam_slurm_adopt: you have no active jobs on this node
> Authentication failed.
>
> If SSH keys are not set up, then the user is asked for a password:
>
> $ squeue --me
> JOBID PARTITION NAME USER ST TIME NODES NODELIST(REASON)
> 7201647 main test_job nokeylee R 3:45:24 1 c005
> 7201646 main test_job nokeylee R 3:46:09 1 c005
> $ ssh c005
> Warning: Permanently added 'c005' (ECDSA) to the list of known hosts.
> nokeylee at c005's password:
>
> My assumption was that a user should be able to log into a node on which
> that person has a running job without any further ado, i.e. without the
> necessity to set up anything else or to enter any credentials.
>
> Is this assumption correct?
>
> If so, how can I best debug what I have done wrong?
>
> Cheers,
>
> Loris
>
> --
> Dr. Loris Bennett (Hr./Mr.)
> ZEDAT, Freie Universität Berlin Email loris.bennett at fu-berlin.de
>
--
GPG A997BA7A | 87FC DA31 5F00 C885 0DC3 E28F BD0D 4B33 A997 BA7A
More information about the slurm-users
mailing list