From 7d097878c20d23593a6e3e5dc1ce51cf012e58f9 Mon Sep 17 00:00:00 2001
From: Chris Hines <chris.hines@monash.edu>
Date: Thu, 28 Oct 2021 09:23:35 +1100
Subject: [PATCH] Add pam_slurm_adopt for ubuntu nodes

---
 roles/pam_sshd/tasks/main.yml                        | 6 ++++++
 roles/pam_sshd/templates/computenodes_sshd_ubuntu.j2 | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/roles/pam_sshd/tasks/main.yml b/roles/pam_sshd/tasks/main.yml
index d4eee77b..2033aa34 100644
--- a/roles/pam_sshd/tasks/main.yml
+++ b/roles/pam_sshd/tasks/main.yml
@@ -22,6 +22,12 @@
   become_user: root
   when: computenodepam is defined and computenodepam and ansible_os_family=="Debian"
 
+- name: "Copy computenode password sshd pam config"
+  template: src=common-session_ubuntu.j2 dest=/etc/pam.d/common-session
+  become: true
+  become_user: root
+  when: computenodepam is defined and computenodepam and ansible_os_family=="Debian"
+
 - name: "Copy computenode password sshd pam config"
   template: src=computenodes_sshd_centos.j2 dest=/etc/pam.d/sshd
   become: true
diff --git a/roles/pam_sshd/templates/computenodes_sshd_ubuntu.j2 b/roles/pam_sshd/templates/computenodes_sshd_ubuntu.j2
index 2b3a5f61..aee26b0c 100644
--- a/roles/pam_sshd/templates/computenodes_sshd_ubuntu.j2
+++ b/roles/pam_sshd/templates/computenodes_sshd_ubuntu.j2
@@ -15,6 +15,8 @@ account    required     pam_nologin.so
 
 # Standard Un*x authorization.
 @include common-account
+-account   sufficient     pam_slurm_adopt.so
+account  required     pam_access.so
 
 # SELinux needs to be the first session rule.  This ensures that any
 # lingering context has been cleared.  Without this it is possible that a
-- 
GitLab