[GE users] SGE, SSH, and LDAP
Nick.Couchman at seakr.com
Wed Jun 25 15:40:14 BST 2008
I'll post that stuff if it's really needed, but, as I stated before, ssh directly to these nodes using either of the accounts works perfectly fine. It's only through the Grid Engine that it fails. Unless the Grid somehow switches SSH to a different PAM configuration file, I don't think it's a PAM issue since LDAP authentication when SSH'ing w/o the Grid works.
I have another twist - I had another employee try it out and he was able to get in just fine, as well. The similarities between my account and his account: 1) both the accounts use bash (whereas the one that fails uses tcsh, and 2) he seems to have key-based authentication configured.
Any chance that the UID is being limited by something in the Grid or the way sshd is being run? Most of my UIDs are low values - mine is 1427, the other account that works is 382, whereas the test account is 19003 or something like that.
Thanks - Nick
>>> On Tue, Jun 24, 2008 at 5:42 PM, Alex Chekholko <chekh at pcbi.upenn.edu> wrote:
On Tue, 24 Jun 2008 14:31:17 -0600
"Nick Couchman" <Nick.Couchman at seakr.com> wrote:
> I'm using Linux on everything - my desktop machine is SuSE 10.3 and all of my exec nodes are RHEL 4U5. The interesting thing is that I can SSH into one of the RHEL4U5 boxes under my account (nick) and run qrsh and have it succeed, log out, then SSH into the same box as the other account (testuser) and run qrsh and have it not accept my password.
Can you post something like the output of "grep -v ^# /etc/ssh/sshd_config" from the nodes? Specificaly, UsePAM yes or no? Also the contents of /etc/pam.d/system-auth? Anything useful in /var/log/secure on the nodes?
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net
This e-mail may contain confidential and privileged material for the sole use of the intended recipient. If this email is not intended for you, or you are not responsible for the delivery of this message to the intended recipient, please note that this message may contain SEAKR Engineering (SEAKR) Privileged/Proprietary Information. In such a case, you are strictly prohibited from downloading, photocopying, distributing or otherwise using this message, its contents or attachments in any way. If you have received this message in error, please notify us immediately by replying to this e-mail and delete the message from your mailbox. Information contained in this message that does not relate to the business of SEAKR is neither endorsed by nor attributable to SEAKR.
More information about the gridengine-users