[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_store_cred delete without password

On 3/5/2015 12:51 PM, Aaron Barraclough wrote:

I was wondering if there was a way to use the condor_store_cred delete
-u user@xxxxxxxxxxx without having to input a
password in case I wanted to revoke the user's access?


Could the user just re-run condor_store_cred and replace the password you removed?

If you want to deny user@company the ability to submit/remove/edit jobs, you could append to the condor_config file of your submit machine(s) something like

   # Don't let user tannenba edit the job queue because
   # he has been very naughty.  Added by Aaron 2/15/2015.
   DENY_WRITE = $(DENY_WRITE) tannenba@*

Then of course do a condor_reconfig. This assumes your pool is secure in the sense that your central manager authenticates machines that want to join your pool, thus preventing naughty user tannenba from starting up his own condor_schedd daemon instance without the DENY_WRITE config above and joining your pool....