From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search

"Pluggable Authentication Module." Programs that are aware of PAM use the modules defined in the PAM configuration files for making authentication/access decisions.

Remote Access Control

/etc/pam.d/sshd contains account required
/etc/security/access.conf contains the rules for who can log into the machine.

Should contain these lines otherwise ssh among other service will not authenticate to einstein.
auth sufficient use_first_pass
account required broken_shadow
account [default=bad success=ok user_unknown=ignore]
password sufficient sha512 shadow nullok try_first_pass use_authtok
password sufficient use_authtok
session optional

Chart of what groups can log onto what machines:

name restricted by access.conf no group npg farm domain_admins splunker
einstein no yes yes yes yes
lentil no yes yes yes yes
gourd yes no yes no yes
roentgen yes no yes no yes
taro yes no no yes yes
pepper yes no no yes yes
jalapeno yes no no no yes yes
tomato yes no yes no yes
okra yes no yes no yes

Users in NPG

  • adams
  • adrian
  • aduston
  • bm
  • bogdan
  • dabagian
  • dawson
  • edh
  • gavalian
  • hersman
  • hz5w
  • iimothys
  • iulian
  • jhh
  • johnk
  • jrc
  • karpiusp
  • ketel
  • lzana
  • maurik
  • mmason
  • muradian
  • nenchev
  • octavian
  • pjb
  • protopop
  • sgarman
  • shepard
  • silas
  • wzm
  • crowlebw
  • hovanes
  • cglynn
  • wporter
  • jketel
  • ntadmin
  • domain_admin
  • bradford
  • momi
  • mccoyst
  • minuti
  • dal
  • bbobbin
  • ndelete
  • kyle
  • jishnu
  • dan
  • junnarkar
  • sam
  • steve
  • karpiustest
  • sarahp

External Links

pam_access PAM module document