[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Validating the pool password



Hi David,

If your HTCondor is of the newer variety (8.0.0 or later) check out the
condor_ping tool, which you can use to see if authentication succeeds or
not.  For PASSWORD, you'd need to run the tool as Administrator because
you are checking daemon-to-daemon authentication and authorization.


Cheers,
-zach


On Tue, Nov 26, 2013 at 08:49:30AM +0000, Wilkins, David wrote:
>  
> 
> Hello.
> 
>  
> 
> On the Windows platform, we configure all machines in a pool for PASSWORD
> authentication. This requires adding the same pool password on all machines
> using âcondor_ctore_cred add âcâ. That works fine, it seems it only requires
> that the condor_master daemon be running.
> 
>  
> 
> We would like to provide functionality that indicates the validity of the pool
> password. In principle, that should be possible using âcondor_store_cred query
> âcâ. However, this has a couple of limitations:
> 
>  
> 
> Â        It only indicates whether a pool password is stored locally. It does
> not indicate whether it matches the password on the pool manager (or the
> machine identified by CREDD_HOST). So it might report that the credentials are
> valid when in fact the password is incorrect.
> 
> Â        It only works if the machine is running the condor_schedd daemon.
> 
>  
> 
> This begs a couple of questions:
> 
>  
> 
> 1.      Is there a good reason why querying the pool password existence
> requires the condor_schedd whereas adding or deleting it does not? Since the
> password is required on all processing nodes, it seems odd that its existence
> cannot easily be queried on those nodes.
> 
> 2.      Is there some other command that can be run to test the validity of the
> pool password with respect to the CREDD_HOST? On a processing node, one can
> wait for the condor_startd to fire up and then inspect its LocalCredd class ad,
> but it would be good if there were some more direct means, e.g. some variation
> of the âcondor_statusâ command?
> 
>  
> 
> Thanks,
> 
> David Wilkins
> 
>  
> 
>  
> 
> 
> Diese E-Mail wurde versandt im Auftrag des Unternehmens Intergraph (Schweiz) AG
> Vertretungsberechtigte GeschÃftsfÃhrer: Marc HÃnni
> PrÃsident des Verwaltungsrates: Marc HÃnni; Mitglied des Verwaltungsrates: Dr.
> Peter Karl Neuenschwander
> Sitz der Gesellschaft: Neumattstrasse 24, Postfach, 8953 Dietikon 1, Schweiz,
> Tel. +41 (0)43 322 46 46
> Eingetragen beim Handelsgericht des Kantons ZÃrich - Hauptregister Nr.:
> CH-020.3.913.558-2
> 
> This E-Mail has been sent on behalf of the company Intergraph (Schweiz) AG
> Authorised Managing Director: Marc HÃnni
> Chairman of the Board of Directors: Marc HÃnni; Member of the Board of
> Directors: Dr. Peter Karl Neuenschwander
> Registered office and Swiss headquarters: Neumattstrasse 24, Postfach, 8953
> Dietikon 1, Switzerland, Tel. +41 (0)43 322 46 46
> The company is recorded in the commercial register of the Canton of Zurich
> under number of the main register CH-020.3.913.558-2
> 
> Diese E-Mail (mit zugehÃrigen Dateien) enthÃlt mÃglicherweise Informationen,
> die vertraulich sind, dem Urheberrecht unterliegen oder ein GeschÃftsgeheimnis
> darstellen. Falls Sie diese Nachricht irrtÃmlicherweise erhalten haben,
> benachrichtigen Sie uns bitte umgehend, indem Sie eine Antwort senden, und
> lÃschen Sie bitte diese E-Mail und ihre Antwort darauf. SÃmtliche aufgefÃhrten
> Ansichten oder Meinungen sind ausschliesslich diejenigen des Autors und
> entsprechen nicht notwendigerweise denen des Unternehmens Intergraph.
> 
> This E-Mail (and any attachments) may be confidential and protected by legal
> privilege. If you are not the intended recipient please notify us immediately
> by replying to the sender and delete this E-Mail and your reply from your
> system. All the views and opinions published here are solely based on the
> author's own opinion and should not be considered necessarily as reflecting the
> opinion of Intergraph.
> 
>  
> 
>  
> 

> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> 
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/