Re: [HTCondor-users] condor_store_cred delete without password

[Todd Tannenbaum <tannenba@xxxxxxxxxxx>]

On 3/5/2015 12:51 PM, Aaron Barraclough wrote:
> Hello,
>
> I was wondering if there was a way to use the condor_store_cred delete
> -u user@xxxxxxxxxxx without having to input a
> password in case I wanted to revoke the user's access?
>
> Thanks,
> Aaron

Could the user just re-run condor_store_cred and replace the password 
you removed?

If you want to deny user@company the ability to submit/remove/edit jobs, 
you could append to the condor_config file of your submit machine(s) 
something like

   # Don't let user tannenba edit the job queue because
   # he has been very naughty.  Added by Aaron 2/15/2015.
   DENY_WRITE = $(DENY_WRITE) tannenba@*

Then of course do a condor_reconfig.  This assumes your pool is secure 
in the sense that your central manager authenticates machines that want 
to join your pool, thus preventing naughty user tannenba from starting 
up his own condor_schedd daemon instance without the DENY_WRITE config 
above and joining your pool....

regards,
Todd