[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] New feature request: condor_store_cred verify

To follow up on this thread:

Starting in 6.6.8 (and 6.7.3) the 'condor_store_cred query' command will only succeed if the credential is both stored and valid. In the case of a stored, but invalid credential, condor_store_cred reports this and advises to re-run 'condor_store_cred add'.


Ian Chesal Wrote:

The scenario: user changes their NT password and then forgets to run
condor_store_cred delete/add to update the stored credentials. The
trouble arises when a scripted interface to condor uses
"condor_store_cred query" to ensure the user has stored their
credentials -- it returns true if the credentials are stored, even if
they are stale. It would be useful to either augment the query argument
or add a verify argument to condor_store_cred that checks the stored
credentials to make sure a user's credentials that are stored work.

Currently users see errors in their shadow.log file if their credentials
aren't working. I don't want to have to educate my users on Condor log
file analysis.

Seems like a trivial thing to check that the stored credentials function
properly on-demand like this.