On 4/19/22 15:29, Bockelman, Brian wrote:
On Apr 19, 2022, at 2:55 PM, Michael Thomas <wart@xxxxxxxxxxx> wrote:

Hi Brian,

As always, you were right. Changing the security requirements from 'OPTIONAL' to 'REQUIRED' fixed it. I still don't quite understand why there are no token requests showing up or being generated in /etc/condor/tokens.d. But since my startds and collector are talking with each other, I'm not going to worry about it.

Any possibility you have a common signing key (the "pool password") on each host? If there's no token in place - but the pool password is present - the daemons will generate a token in-memory and use that to authenticate (recall: anyone with the signing key can create their own valid token). The idea was to create a "graceful fallback" to PASSWD-like authentication and ease the transition for folks coming from that mechanism.

Yes, in fact I do have a pool password file on each host. The next time I get a chance, I'll remove the password file and see if the token requests start getting generated.
--Mike
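
The fallback described in the thread works because the signing key is symmetric: every host that holds it can mint a token the others accept, so nothing needs to be written to /etc/condor/tokens.d. The following is an added example, not part of the thread and not HTCondor's code; it models the property with a generic HMAC-SHA256 signed token, and the token layout, key values, subject string and function names are assumptions for illustration, not HTCondor's actual token format or key derivation.

```python
import base64
import hashlib
import hmac
import json


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, as used in JWT-style tokens."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def mint_token(signing_key: bytes, subject: str) -> str:
    """Create a token in memory; only the shared signing key is needed."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"sub": subject}).encode())
    sig = hmac.new(signing_key, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{_b64(sig.digest())}"


def verify_token(signing_key: bytes, token: str):
    """Return the subject if the signature matches this key, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    # The verifier always recomputes HMAC-SHA256 and ignores the header's alg.
    expected = hmac.new(signing_key, f"{header}.{payload}".encode(), hashlib.sha256)
    if not hmac.compare_digest(_b64(expected.digest()).encode(), sig.encode()):
        return None
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["sub"]


# Constructed sample values: the same key file copied to every host in a pool.
POOL_KEY = b"constructed-shared-pool-key"
OTHER_KEY = b"constructed-key-from-another-pool"

if __name__ == "__main__":
    # A "startd" mints a token on the fly; the "collector" verifies it with
    # its own copy of the key. No token file was ever issued or stored.
    startd_token = mint_token(POOL_KEY, "condor@pool")
    print("same key:     ", verify_token(POOL_KEY, startd_token))
    # A host holding a different key cannot produce an acceptable token.
    print("different key:", verify_token(POOL_KEY, mint_token(OTHER_KEY, "condor@pool")))
```

Because possession of the key is equivalent to the ability to issue tokens, the key file deserves the same protection as an issuing credential on every host that carries it.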