Dear HTCondor experts, We are currently trying to switch our cluster from using password authentication to a token based approach. For this we updated to HTCondor 8.9.11. In our setup we do not want to have the pool password present on all nodes, but only the central manager (mainly for security reasons as some worker nodes will be hosted off site outside of our direct control and we want to avoid having to use the pool password for them). We have created a token on the central manager for the respective user and with the needed capabilities and distributed it to the worker nodes. After deploying the tokens starting up HTCondor on the worker nodes works fine and also jobs run fine. However, we noticed that we are unable to drain the worker nodes from our central manager as we are unable to authenticate with the worker nodes. Reading the documentation, this probably is the case as there is no password present on the worker nodes and hence no (valid) tokens can be used for authenticating with them. Now I am a bit lost, since our original assumption was that we do not need to distribute a (common) password to the worker nodes (which could then be used to create a token for authenticating with the worker nodes). Are we missing something obvious here? Is there any recommended way how to achieve what we intend? Thanks, Rene -- Karlsruher Institut fÃr Technologie (KIT) Steinbuch Centre for Computing (SCC) Dr. Renà Caspart Hermann-von-Helmholtz-Platz 1 76344 Eggenstein-Leopoldshafen, Germany Telefon: +49 721 608-25631 E-mail: Rene.Caspart@xxxxxxx Sitz der KÃrperschaft: KaiserstraÃe 12, 76131 Karlsruhe KIT â Die ForschungsuniversitÃt in der Helmholtz-Gemeinschaft
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature