...
It seems that installing HTCondor-9.0.4 via RPMs doesn't automatically create an idtoken file in /etc/condor/passwords.d/POOL like the documentation reads:
https://htcondor.readthedocs.io/en/latest/admin-manual/security.html?highlight=idtokens#quick-configuration-of-security
So how does one create the SEC_TOKEN_POOL_SIGNING_KEY_FILE if it doesn't already exist?
Also, with the RPM install, ALLOW_WRITE = *, which seems inherently insecure. What should ALLOW_WRITE be when using idtokens so that things don't use host_based authentication?
idtokens
SEC_TOKEN_POOL_SIGNING_KEY (a.k.a. pool signing key): where does it need to live? Only on the CM? On all nodes? Other?
condor_off vs condor_drain
...