Setting up PBS authorization step-by-step

We would like to prevent users from logging into systems which they have not been allocated. At the same time, we need to allow the root user and system administrators to log in whenever they need to.

We can accomplish this by using PAM!

  1. First, we install the pam_pbssimpleauth module that is distributed with TORQUE into /lib/security/.
  2. Then, we edit /etc/security/access.conf so that it includes the line:
    -:ALL EXCEPT @systaff:ALL
    where 'systaff' is a special netgroup containing our system administrators that we want to allow access.
  3. Finally, we modify /etc/pam.d/common-account so that it looks like this:
    account    required
    account    sufficient debug
    account    required