[GE users] SGE, SSH, and LDAP

marce marcemb at gmail.com
Tue Jul 14 08:37:20 BST 2009


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "ISO-8859-10" character set.  ]
    [ Some special characters may be displayed incorrectly. ]



2008/6/25 Nick Couchman <Nick.Couchman at seakr.com<mailto:Nick.Couchman at seakr.com>>

Yes, we're using LDAP, so the UIDs are distributed to all of the machines and are unique.


-Nick


>>> On Wed, Jun 25, 2008 at  9:14 AM, "Alexandre Racine" <Alexandre.Racine at mhicc.org<mailto:Alexandre.Racine at mhicc.org>> wrote:


Does all users have the same UID on all machines?





$ id





You need UUID (Unique UID) I think.





Alexandre Racine


alexandre.racine at mhicc.org<mailto:alexandre.racine at mhicc.org>


514-461-1300 poste 3303





From:

Nick Couchman [mailto:Nick.Couchman at seakr.com<mailto:Nick.Couchman at seakr.com>]
Sent: 25 juin 2008 10:40
To: users at gridengine.sunsource.net<mailto:users at gridengine.sunsource.net>
Subject: Re: [GE users] SGE, SSH, and LDAP




I'll post that stuff if it's really needed, but, as I stated before, ssh directly to these nodes using either of the accounts works perfectly fine.  It's only through the Grid Engine that it fails.  Unless the Grid somehow switches SSH to a different PAM configuration file, I don't think it's a PAM issue since LDAP authentication when SSH'ing w/o the Grid works.




I have another twist - I had another employee try it out and he was able to get in just fine, as well.  The similarities between my account and his account: 1) both the accounts use bash (whereas the one that fails uses tcsh, and 2) he seems to have key-based authentication configured.




Any chance that the UID is being limited by something in the Grid or the way sshd is being run?  Most of my UIDs are low values - mine is 1427, the other account that works is 382, whereas the test account is 19003 or something like that.




Thanks - Nick


>>> On Tue, Jun 24, 2008 at  5:42 PM, Alex Chekholko <chekh at pcbi.upenn.edu<mailto:chekh at pcbi.upenn.edu>> wrote:

On Tue, 24 Jun 2008 14:31:17 -0600
"Nick Couchman" <Nick.Couchman at seakr.com<mailto:Nick.Couchman at seakr.com>> wrote:

> I'm using Linux on everything - my desktop machine is SuSE 10.3 and all of my exec nodes are RHEL 4U5.  The interesting thing is that I can SSH into one of the RHEL4U5 boxes under my account (nick) and run qrsh and have it succeed, log out, then SSH into the same box as the other account (testuser) and run qrsh and have it not accept my password.

Can you post something like the output of "grep -v ^# /etc/ssh/sshd_config" from the nodes?  Specificaly, UsePAM yes or no? Also the contents of /etc/pam.d/system-auth?  Anything useful in /var/log/secure on the nodes?

Regards,
--
Alex Chekholko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net<mailto:users-unsubscribe at gridengine.sunsource.net>
For additional commands, e-mail: users-help at gridengine.sunsource.net<mailto:users-help at gridengine.sunsource.net>

________________________________

This e-mail may contain confidential and privileged material for the sole use of the intended recipient. If this email is not intended for you, or you are not responsible for the delivery of this message to the intended recipient, please note that this message may contain SEAKR Engineering (SEAKR) Privileged/Proprietary Information. In such a case, you are strictly prohibited from downloading, photocopying, distributing or otherwise using this message, its contents or attachments in any way. If you have received this message in error, please notify us immediately by replying to this e-mail and delete the message from your mailbox. Information contained in this message that does not relate to the business of SEAKR is neither endorsed by nor attributable to SEAKR.

________________________________
This e-mail may contain confidential and privileged material for the sole use of the intended recipient. If this email is not intended for you, or you are not responsible for the delivery of this message to the intended recipient, please note that this message may contain SEAKR Engineering (SEAKR) Privileged/Proprietary Information. In such a case, you are strictly prohibited from downloading, photocopying, distributing or otherwise using this message, its contents or attachments in any way. If you have received this message in error, please notify us immediately by replying to this e-mail and delete the message from your mailbox. Information contained in this message that does not relate to the business of SEAKR is neither endorsed by nor attributable to SEAKR.

Hi all,

first of all, I apologize if this post has been closed, but I have the same problem with this configuration..And I am so confused (I have searched a lot..but nothing was useful :s ).

Anybody could resolve this problem? I have done some tests and the problem is when you launch a mpi job (I think..).

Thanks for all in this forum,

regards



More information about the gridengine-users mailing list