
Re: [HTCondor-users] Changing password used to secure pool?



You are correct.  

If it is more convenient, there is no need to use condor_store_cred to overwrite the password file.  You could create a password file (32 bytes of randomness would be fine) and then just copy it over the SEC_PASSWORD_FILE file on each machine while HTCondor is not running.  

Make sure that the file is readable only by root. 

You should note that in the default HTCondor configuration the password file is also the POOL signing key.  Changing the POOL signing key will invalidate all IDTOKENS created with that key.

-tj

-----Original Message-----
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> On Behalf Of Angel de Vicente
Sent: Monday, February 13, 2023 12:39 PM
To: htcondor-users@xxxxxxxxxxx
Subject: [HTCondor-users] Changing password used to secure pool?

Hello,

I have recently installed a number of machines in our pool, with the
get-htcondor script, and using the environment variable
GET_HTCONDOR_PASSWORD to provide the password to secure the pool.

What would be the best way to change this password with the minimum
disruption to the pool?

From reading the documentation at
https://htcondor.readthedocs.io/en/latest/admin-manual/security.html?highlight=sec_password_file#password-authentication
I take it that:

+ this password is stored in the file pointed at by the variable
SEC_PASSWORD_FILE,
+ to modify it I would have to run condor_store_cred add-pwd -f
${SEC_PASSWORD_FILE} in all Pool machines
+ and I assume then restart HTCondor?

Is this the right procedure?

Thanks,
-- 
Ángel de Vicente                 -- (GPG: 0x64D9FDAE7CD5E939)
 Research Software Engineer (Supercomputing and BigData)
 Instituto de Astrofísica de Canarias (https://www.iac.es/en)
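
Added example, not part of the original thread and not HTCondor's own tooling: shell functions for the file handling described in the reply above, generating a 32-byte random password file and checking that a deployed copy is accessible only to its owner. The function names, the uid 0 default, and treating fewer than 32 bytes as too short are assumptions of this example; it relies on GNU `stat` and `mktemp`.

```shell
#!/bin/sh
# Added example; names and thresholds are illustrative, not HTCondor's.

# Write 32 random bytes to "$1". The data goes into a temp file that is
# created with mode 0600 and then renamed, so it is never group/world readable.
make_pool_password() {
    dest=$1
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if dd if=/dev/urandom of="$tmp" bs=32 count=1 2>/dev/null &&
       chmod 600 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Verify a deployed copy: regular file, no group/other permission bits,
# at least $3 bytes (default 32), owned by uid $2 (default 0, i.e. root).
check_pool_password() {
    file=$1; want_uid=${2:-0}; min_bytes=${3:-32}
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "$file: not a regular file" >&2
        return 1
    fi
    set -- $(stat -c '%a %s %u' "$file")   # octal mode, size, owner uid
    rc=0
    case $1 in
        *00|0) ;;
        *) echo "$file: mode $1 grants group/other access" >&2; rc=1 ;;
    esac
    [ "$2" -ge "$min_bytes" ] || { echo "$file: only $2 bytes" >&2; rc=1; }
    [ "$3" -eq "$want_uid" ] || { echo "$file: uid $3, expected $want_uid" >&2; rc=1; }
    return $rc
}

# Typical use as root, with HTCondor stopped on the machine:
#   make_pool_password /root/new_pool_password
#   cp -p /root/new_pool_password "$(condor_config_val SEC_PASSWORD_FILE)"
#   check_pool_password "$(condor_config_val SEC_PASSWORD_FILE)"
```

Run the check on every machine after copying, since `cp` without `-p` onto a fresh path takes its mode from the current umask.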
