Re: [HTCondor-users] Is it possible to use remote condor_config_val if password authentication is required?

[Zach Miller <zmiller@xxxxxxxxxxx>]

> Is is possible to get condor_config_val to use password authentication?
> (Somebody mentioned in the past that condor tools don't even attempt to
> read the password file.)

It is possible.

By default, users running the tools don't have filesystem permissions to read the password file, which is why it's not in the default list of methods.

However, if you run condor_config_val as root (or as the condor user) then it can read the password file and authenticate.  You also then need to tell the tool that it is allowed to attempt password authentication, which you can do temporarily by setting the environment variable:
  _CONDOR_SEC_CLIENT_AUTHENTICATION_METHODS=PASSWORD

Or, you could add password to the list of client methods in your condor_config as well, but make sure you put it last since otherwise normal users running tools will attempt to use PASSWORD and it will always fail.  Other methods may then be attempted, but it just increases network traffic and noise in the logs.


Cheers,
-zach