NAME

       pam_sge_authorize - PAM module to control access to SGE hosts

SYNOPSIS

       pam_sge_authorize [options]

DESCRIPTION

       This  PAM  module  limits  access  via  ssh(1) etc. to Grid Engine hosts only to users who
       currently have a job running on the host.  The  expectation  is  that  this  limits  their
       impact on any other users of the host.

OPTIONS

       execd_spool_dir=dir
           Specify   the   spool  directory  in  which  to  find  the  active_jobs  directory  as
           dir/hostname/active_jobs.  Default: /opt/sge/default/spool.

       bypass_users=user_list
           The module ignores access by users  with  unames  in  the  comma-separated  user_list.
           There is a limit of 30 users.  root is always allowed access.

       max_sleep=max_sleep
           A non-zero max_sleep allows desynchronization of accesses to the spool directory.  The
           module sleeps for  a  random  period  t,  where  0<=t<=max_sleep  microseconds  before
           accessing the spool directory.  This probably isn't useful.  Default: 0.

       debug
           Send debugging information to syslog.

EXAMPLE

       On  a  typical GNU/Linux system, add something like the following to /etc/pam.d/sshd, e.g.
       at the top.

         account required /opt/sge/lib/lx-amd64/pam_sge_authorize.so \
           bypass_users=foo,bar,baz,qux spool_dir=/opt/sge/execd_spool

       On  some  systems  it  might  be  necessary  to  copy  pam_sge_authorize.so   into,   say,
       /lib/security, and instead use it as

         auth required pam_sge_authorize.so

SEE ALSO

       ssh(1), pam(7), pam.conf(4).

AUTHOR

       TACC.  Man page by Dave Love, based on material from Bill Barth, TACC.

                                            2010-11-25                       pam_sge_authorize(8)