Add a new option pam_enable_slurm_adopt which enables the new slurm p…

…am module with cgroup adoption

defaults/main.yml

@@ -7,6 +7,9 @@ pam_use_sssd: False
 # Enable the pam_slurm.so module
 pam_enable_slurm: False
 
+# Enable the pam_slurm_adopt.so module
+pam_enable_slurm_adopt: False
+
 # These are allowed in /etc/security/access.conf, set when
 # pam_enable_slurm == True
 slurm_access_groups:

templates/system-auth.j2

@@ -10,14 +10,19 @@ auth        sufficient    pam_sss.so use_first_pass
 auth        required      pam_deny.so
 
 account     required      pam_unix.so
+{% if not pam_enable_slurm_adopt %}
 account     sufficient    pam_localuser.so
+{% endif %}
 account     sufficient    pam_succeed_if.so uid < 1000 quiet
 {% if pam_use_sssd %}
 account     [default=bad success=ok user_unknown=ignore] pam_sss.so
 {% endif %}
 {% if pam_enable_slurm %}
 account     sufficient    pam_access.so
 account     required      pam_slurm.so
+{% elif pam_enable_slurm_adopt %}
+-account     sufficient    pam_slurm_adopt.so action_adopt_failure=deny action_generic_failure=deny
+account     required      pam_access.so
 {% endif %}
 account     required      pam_permit.so
 
@@ -30,7 +35,9 @@ password    required      pam_deny.so
 
 session     optional      pam_keyinit.so revoke
 session     required      pam_limits.so
+{% if not pam_enable_slurm_adopt %}
 -session     optional      pam_systemd.so
+{% endif %}
 session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 session     required      pam_unix.so
 {% if pam_use_sssd %}