
[HTCondor-users] Authentication code refactor



Dear Cole / devs,

On 09/04/2022 04:20, Marco van Zwetselaar wrote:
> Thanks for digging into this. The various revisions and comments ("hack for now") surrounding daemon vs user and server vs client in the authentication code suggest a long history of organic growth :-) and you may need to start with some conceptual clean-up.

I've given this some thought. My hunch is that the main design issue with the Condor_Auth class (hierarchy) is that too many responsibilities have crept into it. It is expected to figure out "on its own" at which end of the peering it is operating (client or server), and, when client, on behalf of what principal (user or condor).

The class currently tries to derive this from both dynamic (am I running as root?) and structural information (am I integrated in a daemon component?), and this gets confusing as it needs to draw different conclusions in different code paths (hence the "hacks").

The solution would probably be to explicitly pass the relevant information to Condor_Auth, in its constructor for structural properties, and as an argument to authenticate() for behaviour that depends on runtime context.

Cheers
Marco