Setting up PBS authorization step-by-step


Goal:
We would like to prevent users from logging into systems that have not been allocated to them. At the same time, we need to allow the root user and system administrators to log in whenever they need to.

We can accomplish this by using PAM!

  1. First, we install the pam_pbssimpleauth module that is distributed with TORQUE into /lib/security/.
  2. Then, we edit /etc/security/access.conf so that it includes the line:
    -:ALL EXCEPT @systaff:ALL
    
    where 'systaff' is a special netgroup containing the system administrators who should be allowed access.
  3. Finally, we modify /etc/pam.d/common-account so that it looks like this:
    account    required     pam_unix2.so
    account    sufficient   pam_pbssimpleauth.so debug
    account    required     pam_access.so
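
How the three account lines in step 3 combine, shown as an added example that is not part of the original page or of TORQUE. It models Linux-PAM's required/sufficient handling and takes each module's result as an input, assuming pam_pbssimpleauth succeeds when the user has a job on the node and pam_access succeeds only for members of systaff.

```python
# Added example (not TORQUE code): module outcomes are modelled inputs.
STACK = """\
account    required     pam_unix2.so
account    sufficient   pam_pbssimpleauth.so debug
account    required     pam_access.so
"""

def parse_stack(text):
    """Return [(control, module)] for each 'account' line."""
    fields = (line.split() for line in text.splitlines())
    return [(f[1], f[2]) for f in fields if len(f) >= 3 and f[0] == "account"]

def evaluate(entries, outcome):
    """outcome maps module -> True (success) / False (failure).
    Returns (allowed, modules_consulted)."""
    required_failed, consulted = False, []
    for control, module in entries:
        ok = outcome[module]
        consulted.append(module)
        if control == "required" and not ok:
            required_failed = True   # remembered; the stack keeps running
        elif control == "sufficient" and ok and not required_failed:
            return True, consulted   # short-circuit: later modules skipped
        # a failing "sufficient" module is ignored
    return not required_failed, consulted

def outcomes(valid_account, has_job_on_node, in_systaff):
    """Assumed module results for one login attempt (constructed model)."""
    return {
        "pam_unix2.so": valid_account,
        "pam_pbssimpleauth.so": has_job_on_node,
        "pam_access.so": in_systaff,   # -:ALL EXCEPT @systaff:ALL
    }

if __name__ == "__main__":
    stack = parse_stack(STACK)
    cases = [
        ("user with a job on this node", outcomes(True, True, False)),
        ("user without a job", outcomes(True, False, False)),
        ("admin in systaff, no job", outcomes(True, False, True)),
        ("expired account with a job", outcomes(False, True, False)),
    ]
    for name, result in cases:
        print(f"{name}: {evaluate(stack, result)}")
    # Misordered: pam_access ahead of pam_pbssimpleauth denies job owners.
    swapped = [stack[0], stack[2], stack[1]]
    print("swapped, user with job:", evaluate(swapped, cases[0][1]))
```

The last case shows why the order in step 3 matters: with pam_access.so placed before pam_pbssimpleauth.so, a user with a job on the node is denied.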