Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Validating the pool password

Date: Wed, 27 Nov 2013 19:24:59 +0000
From: "Wilkins, David" <David.Wilkins@xxxxxxxxxxxxxx>
Subject: Re: [HTCondor-users] Validating the pool password

Thanks Zachary. I omitted to mention that we are using 7.8.3, but I will try 8.0.x and look into the condor_ping tool...

David

Diese E-Mail wurde versandt im Auftrag des Unternehmens Intergraph (Schweiz) AG
Vertretungsberechtigte GeschÃftsfÃhrer: Marc HÃnni
PrÃsident des Verwaltungsrates: Marc HÃnni; Mitglied des Verwaltungsrates: Dr. Peter Karl Neuenschwander
Sitz der Gesellschaft: Neumattstrasse 24, Postfach, 8953 Dietikon 1, Schweiz, Tel. +41 (0)43 322 46 46
Eingetragen beim Handelsgericht des Kantons ZÃrich - Hauptregister Nr.: CH-020.3.913.558-2

This E-Mail has been sent on behalf of the company Intergraph (Schweiz) AG
Authorised Managing Director: Marc HÃnni
Chairman of the Board of Directors: Marc HÃnni; Member of the Board of Directors: Dr. Peter Karl Neuenschwander
Registered office and Swiss headquarters: Neumattstrasse 24, Postfach, 8953 Dietikon 1, Switzerland, Tel. +41 (0)43 322 46 46
The company is recorded in the commercial register of the Canton of Zurich under number of the main register CH-020.3.913.558-2

Diese E-Mail (mit zugehÃrigen Dateien) enthÃlt mÃglicherweise Informationen, die vertraulich sind, dem Urheberrecht unterliegen oder ein GeschÃftsgeheimnis darstellen. Falls Sie diese Nachricht irrtÃmlicherweise erhalten haben, benachrichtigen Sie uns bitte umgehend, indem Sie eine Antwort senden, und lÃschen Sie bitte diese E-Mail und ihre Antwort darauf. SÃmtliche aufgefÃhrten Ansichten oder Meinungen sind ausschliesslich diejenigen des Autors und entsprechen nicht notwendigerweise denen des Unternehmens Intergraph.

This E-Mail (and any attachments) may be confidential and protected by legal privilege. If you are not the intended recipient please notify us immediately by replying to the sender and delete this E-Mail and your reply from your system. All the views and opinions published here are solely based on the author's own opinion and should not be considered necessarily as reflecting the opinion of Intergraph.

-----Original Message-----
From: HTCondor-users [mailto:htcondor-users-bounces@xxxxxxxxxxx] On Behalf Of Zachary Miller
Sent: Wednesday, November 27, 2013 17:53
To: HTCondor-Users Mail List
Subject: Re: [HTCondor-users] Validating the pool password

Hi David,

If your HTCondor is of the newer variety (8.0.0 or later) check out the condor_ping tool, which you can use to see if authentication succeeds or not.  For PASSWORD, you'd need to run the tool as Administrator because you are checking daemon-to-daemon authentication and authorization.

Cheers,
-zach

On Tue, Nov 26, 2013 at 08:49:30AM +0000, Wilkins, David wrote:
>
>
> Hello.
>
>
>
> On the Windows platform, we configure all machines in a pool for
> PASSWORD authentication. This requires adding the same pool password
> on all machines using âcondor_ctore_cred add âcâ. That works fine, it
> seems it only requires that the condor_master daemon be running.
>
>
>
> We would like to provide functionality that indicates the validity of
> the pool password. In principle, that should be possible using
> âcondor_store_cred query âcâ. However, this has a couple of limitations:
>
>
>
> Â        It only indicates whether a pool password is stored locally. It does
> not indicate whether it matches the password on the pool manager (or
> the machine identified by CREDD_HOST). So it might report that the
> credentials are valid when in fact the password is incorrect.
>
> Â        It only works if the machine is running the condor_schedd daemon.
>
>
>
> This begs a couple of questions:
>
>
>
> 1.      Is there a good reason why querying the pool password existence
> requires the condor_schedd whereas adding or deleting it does not?
> Since the password is required on all processing nodes, it seems odd
> that its existence cannot easily be queried on those nodes.
>
> 2.      Is there some other command that can be run to test the validity of the
> pool password with respect to the CREDD_HOST? On a processing node,
> one can wait for the condor_startd to fire up and then inspect its
> LocalCredd class ad, but it would be good if there were some more
> direct means, e.g. some variation of the âcondor_statusâ command?
>
>
>
> Thanks,
>
> David Wilkins
>
>
>
>
>
>
> Diese E-Mail wurde versandt im Auftrag des Unternehmens Intergraph
> (Schweiz) AG Vertretungsberechtigte GeschÃftsfÃhrer: Marc HÃnni
> PrÃsident des Verwaltungsrates: Marc HÃnni; Mitglied des Verwaltungsrates: Dr.
> Peter Karl Neuenschwander
> Sitz der Gesellschaft: Neumattstrasse 24, Postfach, 8953 Dietikon 1,
> Schweiz, Tel. +41 (0)43 322 46 46 Eingetragen beim Handelsgericht des
> Kantons ZÃrich - Hauptregister Nr.:
> CH-020.3.913.558-2
>
> This E-Mail has been sent on behalf of the company Intergraph
> (Schweiz) AG Authorised Managing Director: Marc HÃnni Chairman of the
> Board of Directors: Marc HÃnni; Member of the Board of
> Directors: Dr. Peter Karl Neuenschwander Registered office and Swiss
> headquarters: Neumattstrasse 24, Postfach, 8953 Dietikon 1,
> Switzerland, Tel. +41 (0)43 322 46 46 The company is recorded in the
> commercial register of the Canton of Zurich under number of the main
> register CH-020.3.913.558-2
>
> Diese E-Mail (mit zugehÃrigen Dateien) enthÃlt mÃglicherweise
> Informationen, die vertraulich sind, dem Urheberrecht unterliegen oder
> ein GeschÃftsgeheimnis darstellen. Falls Sie diese Nachricht
> irrtÃmlicherweise erhalten haben, benachrichtigen Sie uns bitte
> umgehend, indem Sie eine Antwort senden, und lÃschen Sie bitte diese
> E-Mail und ihre Antwort darauf. SÃmtliche aufgefÃhrten Ansichten oder
> Meinungen sind ausschliesslich diejenigen des Autors und entsprechen nicht notwendigerweise denen des Unternehmens Intergraph.
>
> This E-Mail (and any attachments) may be confidential and protected by
> legal privilege. If you are not the intended recipient please notify
> us immediately by replying to the sender and delete this E-Mail and
> your reply from your system. All the views and opinions published here
> are solely based on the author's own opinion and should not be
> considered necessarily as reflecting the opinion of Intergraph.
>
>
>
>
>

> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx
> with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
>
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
You can also unsubscribe by visiting
https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users

The archives can be found at:
https://lists.cs.wisc.edu/archive/htcondor-users/

References:
- [HTCondor-users] Validating the pool password
  - From: Wilkins, David
- Re: [HTCondor-users] Validating the pool password
  - From: Zachary Miller

Prev by Date: Re: [HTCondor-users] condor_off broken?
Next by Date: Re: [HTCondor-users] condor_off broken?
Previous by thread: Re: [HTCondor-users] Validating the pool password
Next by thread: [HTCondor-users] condor_off broken?
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [HTCondor-users] Validating the pool password