Re: [HTCondor-users] Changing password used to secure pool?

[Angel de Vicente <angel.vicente.garrido@xxxxxxxxx>]

Hello,

John M Knoeller via HTCondor-users
<htcondor-users@xxxxxxxxxxx> writes:

> You should note that in the default HTCondor configuration the
> password file is also the POOL signing key.  Changing the POOL signing
> key will invalidate all IDTOKENS created with that key

This IDTOKENS bit is new to me, so I thought this was only necessary for
users if they wanted to submit from other machines where the
condor_schedd was not running. Obviously I'm missing something, since
after changing the SEC_PASSWORD_FILE, the worker machines cannot
authenticate and I get messages like:

ERROR: AUTHENTICATE:1003:Failed to authenticate with any method|AUTHENTICATE:1004:Failed to authenticate using FS|AUTHENTICATE:1004:Failed to authenticate using IDTOKENS

so I guess I have to renew the IDTOKENS as well, but I'm not sure how to
go about that. What is the best way to renew them?

Thanks,
-- 
Ãngel de Vicente                 -- (GPG: 0x64D9FDAE7CD5E939)
 Research Software Engineer (Supercomputing and BigData)
 Instituto de AstrofÃsica de Canarias (https://www.iac.es/en)