'\" .\" Copyright (C), 2010 Dave Love .\" You may distribute this file under the terms of the GNU Free .\" Documentation License. .de URL \\$2 \(laURL: \\$1 \(ra\\$3 .. .if \n[.g] .mso www.tmac .\" .de M \" man page reference \\fI\\$1\\fR\\|(\\$2)\\$3 .. .\" .TH pam_sge_authorize 8 2010-11-25 .SH NAME pam_sge_authorize \- PAM module to control access to SGE hosts .SH SYNOPSIS .BR pam_sge_authorize .RI [ options ] .SH DESCRIPTION This PAM module limits access via .M ssh 1 etc. to Grid Engine hosts only to users who currently have a job running on the host. The expectation is that this limits their impact on any other users of the host. .\" .SH OPTIONS .PP \fBexecd_spool_dir=\fR\fIdir\fR .RS 4 Specify the spool directory in which to find the .B active_jobs directory as .IB dir / hostname /active_jobs\fR. Default: .BR /opt/sge/default/spool . .RE .PP \fBbypass_users=\fR\fB\fIuser_list\fR\fR .RS 4 The module ignores access by users with unames in the comma-separated .IR user_list . There is a limit of 30 users. root is always allowed access. .RE .PP \fBmax_sleep=\fR\fB\fImax_sleep\fR\fR .RS 4 A non-zero .I max_sleep allows desynchronization of accesses to the spool directory. The module sleeps for a random period .IR t , where .RI 0<= t <= max_sleep microseconds before accessing the spool directory. This probably isn't useful. Default: 0. .RE .PP \fBdebug\fP .RS 4 Send debugging information to syslog. .RE .PP .\" .SH EXAMPLE On a typical GNU/Linux system, add something like the following to .BR /etc/pam.d/sshd , e.g. at the top. .RS 2 .nf account required /opt/sge/lib/lx-amd64/pam_sge_authorize.so \\ bypass_users=foo,bar,baz,qux spool_dir=/opt/sge/execd_spool .fi .RE On some systems it might be necessary to copy pam_sge_authorize.so into, say, .BR /lib/security , and instead use it as .RS 2 auth required pam_sge_authorize.so .RE .\" .SH "SEE ALSO" .M ssh 1 , .M pam 7 , .M pam.conf 4 . .SH AUTHOR TACC. Man page by Dave Love, based on material from Bill Barth, TACC.