<HTML><BODY>
<br />
<br />
<BR>
<BR>
Hi all,<BR>
<BR>
I'm late to the discussion, but if I correctly understands John's<BR>
question, it's about *dynamically* restricting user access on compute<BR>
nodes where they have no job running, rather than just preventing all<BR>
users to log on any node.<BR>
For that matter, a great solution is to use a PAM module, that asks<BR>
the scheduler if the user trying to connect effectively has a job<BR>
running on that node.<BR>
<BR>
Those PAM modules exist for pretty much every scheduler:<BR>
- SGE: <a href="https://github.com/BagOfMostlyWater/sge-sshd-control" target="_blank">https://github.com/BagOfMostlyWater/sge-sshd-control</a> or <BR>
3rdparty/tacc_pam_sge/ in SGE source tree<BR>
- Slurm: <a href="https://computing.llnl.gov/linux/slurm/faq.html#pam" target="_blank">https://computing.llnl.gov/linux/slurm/faq.html#pam</a> <BR>
- PBS/Torque: <a href="http://docs.adaptivecomputing.com/torque/4-1-4/help.htm#topics/3-nodes/hostSecurity.htm" target="_blank">http://docs.adaptivecomputing.com/torque/4-1-4/help.htm#topics/3-nodes/hostSecurity.htm</a> <BR>
- LSF: <a href="http://sourceforge.net/projects/lsf-pam-module/" target="_blank">http://sourceforge.net/projects/lsf-pam-module/</a> (not sure it <BR>
still works, though)<BR>
<BR>
<BR>
<BR>
Killian, that is very helpful reply. Thankyou.<BR>
<BR>
No, not particularly 'dynamically' restricting user access.<BR>
What I have set up is visualization nodes for engineers to examine post-processed data, using OpenGL based tools.<BR>
They would normally either sit at the console of the workstation, or use a VNC session.<BR>
I have configured PBS interactive jobs, so I can allocate machines with spare capacity to visualization sessions,<BR>
and also to automatically set up the VNC sessions.<BR>
Would like to prevent console X sessions, and direct logins to start VNC sessions 'by hand'.<BR>
This PBS parameter looked very useful to do just that.<BR>
<br />
<br />
The contents of this e-mail are confidential and for the exclusive use of the intended recipient.
If you are not the intended recipient you should not read, copy, retransmit or disclose its contents.
If you have received this email in error please delete it from your system immediately and notify us either by email or telephone.
The views expressed in this communication may not necessarily be the views held by McLaren Racing Limited.
<br />McLaren Racing Limited | McLaren Technology Centre | Chertsey Road | Woking | Surrey | GU21 4YH | UK | Company Number: 01517478
</BODY></HTML>