Re: [HTCondor-users] how to pass passwords to multiple condor_q commands

[Jose Caballero <jcaballero.hep@xxxxxxxxx>]

2016-03-21 15:12 GMT-04:00 Zach Miller <zmiller@xxxxxxxxxxx>:
> On 3/21/16, 1:32 PM, "HTCondor-users on behalf of Jose Caballero" <htcondor-users-bounces@xxxxxxxxxxx on behalf of jcaballero.hep@xxxxxxxxx> wrote:
>>Hi,
>>
>>let's say I want to run, in parallel, several condor_q commands
>>against different remote schedds, each one of them requiring different
>>password.
>
> Are you talking about the Pool Password authentication mechanism?  This method was not designed for end-users, just daemon-to-daemon authentication. (Or possibly running user tools as root)
>
> There is no way to pass the password itself.  It is always read from a file (UNIX) or the registry (Windows) inside the authentication code.  As such, the best you can do today is to have multiple files containing the various passwords and set a per-invocation environment variable:
>
> _CONDOR_SEC_PASSWORD_FILE=/home/world-readable-passwords/password-file1 condor_q ...
>
> Really, though, users should not be allowed to read or use the password files, and for your model I'd suggest you create an SSL cert that is accepted by each of the ScheddDs.
>
>
> Cheers,
> -zach
>
> _


Hi Zach,

The schedds are not under my control, so not easy to have a single SSL
cert for all of them.
So I guess the only way is, every time one of them is running, to lock
the others to avoid mixing the _CONDOR_SEC_PASSWORD_FILE variables.

Thanks a lot.

Cheers,
Jose