Can OOD auth be handled by PAM?


#1

Hello,

We are trying to deploy OpenOnDemand on our HPC at the University of Oregon (UO), but we are stuck on user authentication. We have a local LDAP server that handles all user accounts, but password authentication happens in one of two ways: 1) users with UO accounts which are authenticated to a central UO Active Directory server via Kerberos, and 2) external collaborators who do not have UO accounts are authenticated to our local LDAP server. This situation is properly handled by our PAM configuration. Is it possible to configure the OOD portal to hand off authentication to PAM? If so, how is this done? If not, are there any alternatives to handle this scenario?

Thanks!

Robert Yelle
University of Oregon


#2

Dear Robert,

We got this working on our cluster (CentOS 6 based) by installing the mod_authnz_external module for apache in combination with pwauth.
see here for more details:
https://www.server-world.info/en/note?os=CentOS_7&p=httpd&f=10
We only found it to be relatively slow compared to the basic authentication.

Jacob Baggerman
Organic Chemistry
Wageningen University