idtokens

On just the CM

openssl rand -base64 32 | condor_store_cred add -c -f /etc/condor/passwords.d/POOL
condor_token_create -identity condor@testpost-cm.aoc.nrao.edu > /etc/condor/tokens.d/condor@testpost-cm.aoc.nrao.edu
echo 'SEC_TOKEN_POOL_SIGNING_KEY_FILE = /etc/condor/passwords.d/POOL' >> /etc/condor/config.d/99-nrao

...

testpost-cm-vml root >condor_ping -address "<10.64.1.172:9618>" -table -type startd all

Instruction      Authentication Encryption Integrity Decision Identity
ALLOW            FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
READ             FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
WRITE            FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
NEGOTIATOR       FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
ADMINISTRATOR    FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
OWNER            FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
CONFIG           FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
DAEMON           FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
ADVERTISE_STARTD FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
ADVERTISE_SCHEDD FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
ADVERTISE_MASTER FAIL           FAIL       FAIL      FAIL     FAIL (use -verbose for more info)
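
An added example (not part of the original notes and not HTCondor's own code): a shell filter that reads condor_ping -table output like the run above and lists the authorization levels that did not get an ALLOW decision, so the check can be repeated after each configuration change. The READ row in the sample is constructed, and the layout of a successful row (Decision in the fifth column reading ALLOW) is an assumption.

```shell
#!/bin/sh
# Added example: summarize `condor_ping -table` output read from stdin.
# Assumption: an authorized level shows ALLOW in the fifth (Decision) column;
# any other value, including the FAIL rows in the notes, is reported.
ping_failures() {
    awk '
        $1 == "Instruction" { seen = 1; next }  # header row marks the table start
        !seen || NF < 5     { next }            # skip the prompt line and blanks
        $5 != "ALLOW"       { printf "%s%s", sep, $1; sep = " " }
        END {
            # No header at all means the command produced no table (for
            # example it could not reach the daemon); do not read that as
            # "nothing failed".
            if (!seen)    print "NO_TABLE"
            else if (sep) print ""
        }
    '
}

# Sample input. The prompt, header and FAIL rows are copied from the notes;
# the READ row is constructed to show a passing level.
sample_table() {
    cat <<'EOF'
testpost-cm-vml root >condor_ping -address "<10.64.1.172:9618>" -table -type startd all
Instruction Authentication Encryption Integrity Decision Identity
ALLOW FAIL FAIL FAIL FAIL FAIL (use -verbose for more info)
READ IDTOKENS AES AES ALLOW condor@testpost-cm.aoc.nrao.edu
WRITE FAIL FAIL FAIL FAIL FAIL (use -verbose for more info)
EOF
}

# Usage on the CM (not run here):
#   condor_ping -address "<10.64.1.172:9618>" -table -type startd all | ping_failures
```

An empty result means every listed level was allowed; NO_TABLE means there was no table to judge.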


idtokens with RPMs

It seems that installing HTCondor-9.0.4 via RPMs doesn't automatically create a signing key in /etc/condor/passwords.d/POOL as the documentation says: https://htcondor.readthedocs.io/en/latest/admin-manual/security.html?highlight=idtokens#quick-configuration-of-security

Also, with the RPM install, ALLOW_WRITE = *, which seems insecure. Does this even matter when using use security:recommended_v9_0?


condor_gpu_discovery

I can't find the condor_gpu_discovery on my cluster (HTCondor-9.0.4) or CHTC (9.1.4) even on a GPU host.

...