[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] how to pass passwords to multiple condor_q commands



On 3/21/16, 1:32 PM, "HTCondor-users on behalf of Jose Caballero" <htcondor-users-bounces@xxxxxxxxxxx on behalf of jcaballero.hep@xxxxxxxxx> wrote:
>Hi,
>
>let's say I want to run, in parallel, several condor_q commands
>against different remote schedds, each one of them requiring different
>password.

Are you talking about the Pool Password authentication mechanism?  This method was not designed for end-users, just daemon-to-daemon authentication. (Or possibly running user tools as root)

There is no way to pass the password itself.  It is always read from a file (UNIX) or the registry (Windows) inside the authentication code.  As such, the best you can do today is to have multiple files containing the various passwords and set a per-invocation environment variable:

_CONDOR_SEC_PASSWORD_FILE=/home/world-readable-passwords/password-file1 condor_q ...

Really, though, users should not be allowed to read or use the password files, and for your model I'd suggest you create an SSL cert that is accepted by each of the ScheddDs.


Cheers,
-zach