
Linux Pluggable Authentication Modules (PAM)

Before you start

Goal

  • Configure PAM to create user directories.

Prerequisites

  • All servers in the Altair SLC Hub cluster should be joined to the domain (or have SSSD configured).

Operating System PAM Settings

During installation on a worker node, the hub installs a PAM configuration file, /etc/pam.d/slchub, that contains the following settings:

auth        include       system-auth
account     include       system-auth
password    include       system-auth
session     include       system-auth

This tells the system to use the standard login configuration for Hub PAM sessions. The system authorization may be configured to create home directories. This is the default for many Linux distributions, and can be seen in the /etc/pam.d/system-auth file as the line:

session     optional     pam_oddjob_mkhomedir.so
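
A configuration check for the include chain described above, as an added example that is not part of the Altair documentation. It goes slightly beyond the page by also recognising pam_mkhomedir.so and the substack control; the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a PAM service's session stack create home directories?
# Follows "include"/"substack" lines, as /etc/pam.d/slchub does for system-auth.

# session_creates_home SERVICE [PAM_DIR]: returns 0 if a mkhomedir module is reachable.
session_creates_home() {
    pam_dir=${2:-/etc/pam.d}
    todo=$1 seen=" "
    while [ -n "$todo" ]; do
        set -- $todo
        svc=$1; shift; todo="$*"
        case "$seen" in *" $svc "*) continue ;; esac   # guard against include loops
        seen="$seen$svc "
        [ -r "$pam_dir/$svc" ] || continue
        # awk prints FOUND for a mkhomedir module, or the name of each included file
        out=$(awk '
            /^[ \t]*#/ { next }
            $1 == "session" || $1 == "-session" {
                if ($2 == "include" || $2 == "substack") print $3
                else if ($0 ~ /pam_(oddjob_)?mkhomedir\.so/) print "FOUND"
            }' "$pam_dir/$svc")
        for item in $out; do
            [ "$item" = FOUND ] && return 0
            todo="$todo $item"
        done
    done
    return 1
}

# Constructed sample tree mirroring the files shown above (not read from a real host).
make_sample() {
    d=$(mktemp -d)
    printf 'auth include system-auth\nsession include system-auth\n' > "$d/slchub"
    printf 'session required pam_unix.so\nsession optional pam_oddjob_mkhomedir.so\n' > "$d/system-auth"
    # "no-home" has the mkhomedir line commented out, so it must not match.
    printf 'session required pam_unix.so\n#session optional pam_oddjob_mkhomedir.so\n' > "$d/no-home"
    echo "$d"
}

sample=$(make_sample)
for s in slchub no-home; do
    if session_creates_home "$s" "$sample"; then echo "$s: home directory creation configured"
    else echo "$s: no mkhomedir module in session stack"; fi
done
rm -rf "$sample"
```

On a worker node, call `session_creates_home slchub` without a second argument to inspect the real /etc/pam.d directory.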

Disable PAM Sessions

By default a PAM session is started when a workload is run on a Linux worker. This can be disabled if necessary. To do this, you must edit (or create) the [etc directory]/nomad_plugin.yaml file. If the file doesn't exist, you should copy the template [etc directory]/nomad_plugin_default.yaml and set the file permissions and ownership.

Change the setting:

# open_pam_session: true

to be false, for example:

open_pam_session: false

Verification

Verify home directories are created

  • Run a Hello World program asynchronously.

You can install a demo server via a button on the website. You should then be able to go to the Invocation Interface and run a "Hello World" program as a new user.