Hi Did you disable the pam_systemd.so also from the module files included by the sshd pam file ? I am asking because I had this problem when I configured the pam_slurm_adopt
Cheers, Massimo On Fri, Apr 18, 2025 at 5:28 PM Robert Kudyba via slurm-users < slurm-users@lists.schedmd.com> wrote: > In the instructions for pam_slurm_adopt > <https://slurm.schedmd.com/pam_slurm_adopt.html#ssh_config>, there are > instructions such as: >> >> Add the following line to the appropriate file in /etc/pam.d, such as >> system-auth or sshd (you may use either the "required" or "sufficient" >> PAM control flag): > > > This module is configurable. Add these options to the end of the >> pam_slurm_adopt line in the appropriate file in /etc/pam.d/ (e.g., sshd >> or system-auth): > > Assuming an OS like CentOS does this mean it should be put in both? > > slurm.conf on the node has: > UsePAM yes > > slurm.conf has PrologFlags=contain and ProctrackType=proctrack/cgroup > I placed the call here only in /etc/pam.d/sshd making sure it is the last > line in the account stack. > #%PAM-1.0 > auth required pam_sepermit.so > auth substack system-auth > auth include postlogin > # Used with polkit to reauthorize users in remote sessions > -auth optional pam_reauthorize.so prepare > account required pam_nologin.so > account include system-auth > -account required pam_slurm_adopt.so > > so pam_sss.so is at the bottom of /etc/pam.d/sshd > session optional pam_keyinit.so revoke > session required pam_limits.so > #-session optional pam_systemd.so > session optional pam_oddjob_mkhomedir.so umask=0022 skel=/etc/skel > session [success=1 default=ignore] pam_succeed_if.so service in crond > quiet use_uid > session required pam_unix.so > session optional pam_sss.so > > We're testing this on an idle node. I start an interactive srun. However > trying to ssh to the node gets: > > Apr 18 11:13:41 node11 sshd[33355]: Authorized to dk2643, krb5 principal > u...@ouruni.edu (ssh_gssapi_krb5_cmdok) > Apr 18 11:13:41 node11 sshd[33355]: pam_sss(sshd:account): Access denied > for user user: 6 (Permission denied) > Apr 18 11:13:41 node11 sshd[33355]: fatal: Access denied for user user by > PAM account configuration [preauth] > > Am I missing something? > > -- > slurm-users mailing list -- slurm-users@lists.schedmd.com > To unsubscribe send an email to slurm-users-le...@lists.schedmd.com >
-- slurm-users mailing list -- slurm-users@lists.schedmd.com To unsubscribe send an email to slurm-users-le...@lists.schedmd.com
