Skip to content

PAM

Before you start

Goal

  • Configure PAM to create user directories.

Prerequisites

  • The servers should be joined to the domain (or have SSSD configured).

Operating System PAM Settings

During installation on a worker node, the hub will install a configuration file for PAM /etc/pam.d/slchub that contains the following settings:

auth        include       system-auth
account     include       system-auth
password    include       system-auth
session     include       system-auth

This tells the system to use the standard login configuration for the Hub pam sessions. The system authorization may be configured to create home directories. This is the default for many Linux distributions, and can be seen in the /etc/pam.d/system-auth file as the line

session     optional     pam_oddjob_mkhomedir.so

Enable PAM Sessions

To enable PAM sessions on a Linux worker, you must edit (or create) the [etc directory]/nomad_plugin.yaml file. If the file doesn't exist, you should copy the template [etc directory]/nomad_plugin_default.yaml and set the file permissions and ownership.

Change the setting:

# open_pam_session: false

to be true, for example:

open_pam_session: true

Verification

Verify Home directories are created

  • run a Hello World program asynchronously

You can install a demo server via a button on the website, you should then be able to go to the Invocation Interface and run a "Hello World" program as a new user.