Setting up PBS authorization step-by-step
Goal:
We would like to prevent users from logging into systems which they have not been allocated. At the same time, we need to allow the root user and system administrators to log in whenever they need to.
We can accomplish this by using PAM!
- First, we install the pam_pbssimpleauth module that is distributed with TORQUE into /lib/security/.
- Then, we edit /etc/security/access.conf so that it includes the line:
-:ALL EXCEPT @systaff:ALL
where 'systaff' is a special netgroup containing our system administrators that we want to allow access.
- Finally, we modify /etc/pam.d/common-account so that it looks like this:
account required pam_unix2.so
account sufficient pam_pbssimpleauth.so debug
account required pam_access.so