[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] Moving CM to new host
- Date: Tue, 19 Apr 2022 20:29:59 +0000
- From: "Bockelman, Brian" <BBockelman@xxxxxxxxxxxxx>
- Subject: Re: [HTCondor-users] Moving CM to new host
> On Apr 19, 2022, at 2:55 PM, Michael Thomas <wart@xxxxxxxxxxx> wrote:
> Hi Brian,
> As always, you were right. Changing the security requirements from 'OPTIONAL' to 'REQUIRED' fixed it.
> I still don't quite understand why there are no token requests showing up or being generated in /etc/condor/tokens.d. But since my startds and collector are talking with each other, I'm not going to worry about it.
Any possibility you have a common signing key (the "pool password") on each hosts?
If there's no token in place - but the pool password is present - the daemons will generate a token in-memory and use that to authenticate (recall: anyone with the signing key can create their own valid token). The idea was to create a "graceful fallback" to PASSWD-like authentication and ease the transition for folks coming from that mechanism.