idtokens
We are using HTCondor-9.0.4 and switched from using host_based security to idtoken security with the following procedure.
On just the Central Manager named testpost-cm (which is the collector and schedd)
...
then switch to use security:recommended_v9_0 in 00-htcondor-9.0.config
On all other the worker nodes (startdsstartd's)
scp testpost-cm:/etc/condor/passwords.d/POOL /etc/condor/passwords.d
scp testpost-cm:/etc/condor/tokens.d/condor\@testpost-cm.aoc.nrao.edu /etc/condor/tokens.d
echo 'SEC_TOKEN_POOL_SIGNING_KEY_FILE = /etc/condor/passwords.d/POOL' >> /etc/condor/config.d/99-nrao
...