NAME

       pam_sge_authorize - PAM module to control access to SGE hosts

SYNOPSIS

       pam_sge_authorize [options]

DESCRIPTION

       This PAM module limits access via ssh(1) etc. to Grid Engine hosts only to users who currently have a job
       running on the host.  The expectation is that this limits their impact on any other users of the host.

OPTIONS

       execd_spool_dir=dir
           Specify  the  spool directory in which to find the active_jobs directory as dir/hostname/active_jobs.
           Default: /opt/sge/default/spool.

       bypass_users=user_list
           The module ignores access by users with unames in the comma-separated user_list.  There is a limit of
           30 users.  root is always allowed access.

       max_sleep=max_sleep
           A non-zero max_sleep allows desynchronization of accesses to the spool directory.  The module  sleeps
           for a random period t, where 0<=t<=max_sleep microseconds before accessing the spool directory.  This
           probably isn't useful.  Default: 0.

       debug
           Send debugging information to syslog.

EXAMPLE

       On a typical GNU/Linux system, add something like the following to /etc/pam.d/sshd, e.g. at the top.

         account required /opt/sge/lib/lx-amd64/pam_sge_authorize.so \
           bypass_users=foo,bar,baz,qux spool_dir=/opt/sge/execd_spool

       On  some systems it might be necessary to copy pam_sge_authorize.so into, say, /lib/security, and instead
       use it as

         auth required pam_sge_authorize.so

SEE ALSO

       ssh(1), pam(7), pam.conf(4).

AUTHOR

       TACC.  Man page by Dave Love, based on material from Bill Barth, TACC.

                                                   2010-11-25                               pam_sge_authorize(8)