[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] condor_store_cred delete without password

It's a pretty small Windows environment in which users only have access to submit jobs through a IIS/PHP web site I created that runs on the condor master. A script that runs condor_store_cred add is executed when they first visit the site and jobs are submitted under their username. Outside of this they have no access to condor (not to mention they don't even know their using condor).

The reason I was interested in removing without having to input the stored password is that I don't have access to user passwords. Are the cred's stored in a file where I could modify it and delete their entry?


On Thu, Mar 5, 2015 at 2:34 PM, Todd Tannenbaum <tannenba@xxxxxxxxxxx> wrote:
On 3/5/2015 12:51 PM, Aaron Barraclough wrote:

I was wondering if there was a way to use the condor_store_cred delete
-u user@xxxxxxxxxxx without having to input a
password in case I wanted to revoke the user's access?


Could the user just re-run condor_store_cred and replace the password you removed?

If you want to deny user@company the ability to submit/remove/edit jobs, you could append to the condor_config file of your submit machine(s) something like

 Â# Don't let user tannenba edit the job queue because
 Â# he has been very naughty. Added by Aaron 2/15/2015.
 ÂDENY_WRITE = $(DENY_WRITE) tannenba@*

Then of course do a condor_reconfig. This assumes your pool is secure in the sense that your central manager authenticates machines that want to join your pool, thus preventing naughty user tannenba from starting up his own condor_schedd daemon instance without the DENY_WRITE config above and joining your pool....


HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@cs.wisc.edu with a
subject: Unsubscribe
You can also unsubscribe by visiting

The archives can be found at: