pam_sge_authorize - PAM module to control access to SGE hosts
This PAM module limits access via ssh(1) etc. to Grid Engine hosts only
to users who currently have a job running on the host. The expectation
is that this limits their impact on any other users of the host.
Specify the spool directory in which to find the active_jobs
directory as dir/hostname/active_jobs. Default:
The module ignores access by users with unames in the comma-
separated user_list. There is a limit of 30 users. root is always
A non-zero max_sleep allows desynchronization of accesses to the
spool directory. The module sleeps for a random period t, where
0<=t<=max_sleep microseconds before accessing the spool directory.
This probably isn't useful. Default: 0.
Send debugging information to syslog.
Require an active job, i.e. a running shepherd on the host. This
can be used to enforce tight integration for distributed jobs, i.e.
direct access to other nodes of the job is prevented via SSH,
rather than qrsh -inherit.
On a typical GNU/Linux system, add something like the following to
/etc/pam.d/sshd, e.g. at the top.
account required /opt/sge/lib/lx-amd64/pam_sge_authorize.so \
On some systems it might be necessary to copy pam_sge_authorize.so
into, say, /lib/security, and instead use it as
auth required pam_sge_authorize.so
ssh(1), pam(7), pam.conf(4).
TACC. Man page by Dave Love, based on material from Bill Barth, TACC.
Man(1) output converted with