PAM¶
Before you start¶
Goal
- Configure PAM to create user directories.
Prerequisites
- The servers should be joined to the domain (or have SSSD configured).
Operating System PAM Settings¶
During installation on a worker node, the hub will install a configuration file for PAM /etc/pam.d/slchub
that contains the following settings:
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
This tells the system to use the standard login configuration for the Hub pam sessions.
The system authorization may be configured to create home directories.
This is the default for many Linux distributions, and can be seen in the /etc/pam.d/system-auth
file as the line
session optional pam_oddjob_mkhomedir.so
Enable PAM Sessions¶
To enable PAM sessions on a Linux worker, you must edit (or create) the [etc directory]/nomad_plugin.yaml
file. If the file doesn't exist, you should copy the template [etc directory]/nomad_plugin_default.yaml
and set the file permissions and ownership.
Change the setting:
# open_pam_session: false
to be true, for example:
open_pam_session: true
Verification¶
Verify Home directories are created
- run a Hello World program asynchronously
You can install a demo server via a button on the website, you should then be able to go to the Invocation Interface and run a "Hello World" program as a new user.