Give pam_slurm_adopt higher priority than pam_sss.

IKIM-Essen · Oct 10, 2023 · 25f45e8 · 25f45e8
1 parent f69d384
commit 25f45e8
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 11 deletions.
diff --git a/ansible/roles/slurm_install/files/pam-config-slurm b/ansible/roles/slurm_install/files/pam-config-slurm
@@ -0,0 +1,8 @@
+Name: Slurm adopt
+Default: no
+# The priority must be higher than /usr/share/pam-configs/sss
+Priority: 129
+
+Account-Type: Additional
+Account:
+	sufficient	pam_slurm_adopt.so
diff --git a/ansible/roles/slurm_install/files/sshd-pam-slurm-adopt b/ansible/roles/slurm_install/files/sshd-pam-slurm-adopt
diff --git a/ansible/roles/slurm_install/tasks/slurm_pam_adopt.yml b/ansible/roles/slurm_install/tasks/slurm_pam_adopt.yml
@@ -21,19 +21,20 @@
     masked: true
     state: stopped
 
-- name: Remove the pam_systemd module given that the systemd-logind service is masked
+- name: Add a PAM profile for the pam_slurm_adopt module
+  ansible.builtin.copy:
+    src: pam-config-slurm
+    dest: /usr/share/pam-configs/slurm
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: Generate the PAM configuration
   ansible.builtin.command:
     argv:
       - pam-auth-update
+      - --enable
+      - slurm
       - --remove
       - systemd
   changed_when: true
-
-- name: Add the PAM module pam_slurm_adopt at the bottom of the sshd stack
-  ansible.builtin.blockinfile:
-    path: /etc/pam.d/sshd
-    block: "{{ lookup('file', 'sshd-pam-slurm-adopt') }}"
-    owner: root
-    group: root
-    mode: "0644"
-    state: present