I'm using a setup of HTCondor on Windows which executes jobs using a dedicated user account (SLOT_USER). I can't use the standard "transient" accounts as the user account used for the jobs needs special privileges which I configured
for the dedicated account.
I used to register the dedicated account credentials on execution machines using condor_store_cred. This worked fine in Condor version 8.4.x and earlier.
When switching from HTCondor version 8.4.7 to 8.6.4 the setup stopped working though and the condor_store_cred failed to store the credentials of the dedicated account and printed its standard error message:
"Operation failed. Make sure your ALLOW_WRITE setting includes this host."
Digging through the source I found a part which was introduced in the 8.6 series as it seems:
condor-8.6.4/src/condor_utils/store_cred.cpp (line 725): // We don't allow one user to set another user's credential
The code part which follows leads to the failure. As I install condor using my own account which has administrative permissions and register the credentials of the execution account during the installation process, I'm trying to register the credentials
of an account I'm not logged in with. I'm curious whether there's a workaround/best practice for such a setup available. For now I have removed the restriction from store_cred.cpp for my setup and recompiled HTCondor but this is not an optimal solution of