
[HTCondor-users] Multiple CredDs in a single pool



Hi

I am currently managing a pool that has two credd systems behind a virtual IP and every node in the pool's config is currently defining `CREDD_HOST` pointing to the DNS name of the virtual IP. With this setup, running `condor_status -subsystem credd` yields a single CredD ClassAd - belonging to the daemon on the system that started most recently. The idea behind the virtual IP was high availability of the CredD daemon, however since only one CredD class ad exists, I am not certain it is doing the right thing.

I've tested having two separate systems advertise themselves as CredD daemons without defining `CREDD_HOST` across the pool. This configuration results in having two CredD class ads in the pool (one for each configured system) but there is subsequently no LocalCredd attribute being defined on the execute nodes; I think because we are omitting `CREDD_HOST`.

Are multiple CredD hosts supported in a single pool, and if so, how can we help the execute nodes pick one as the LocalCredd? I am only worried about the existence of a LocalCredd being chosen because the documentation states that this is necessary to run jobs as the owner on Windows.

While I am mentioning the documentation, I also noticed the documentation calling out a shared pool password as a prerequisite for the credd_daemon. Am I correct to assume that a shared signing key when using IDTOKEN authentication can stand in for the shared pool password?

Thank you