Hello Experts,
We are planning to upgrade the LTS htcondor version in our infra.
I have gone through the documentation specificallyÂabout the steps of upgrading and HTCondor security. We are using Host Based security and flocking in our setup.Â
Have couple of queries after doing the rpm based installationÂof 9.0.z on test setup:Â
- Default security setting is "use security:recommended_v9_0" which translates everything to user based instead of host based. Is recommended_v9_0 using TOKENIDÂfor authentication underneath? If not then what can I use in-place of "security:recommended_v9_0" in variable SEC_DEFAULT_AUTHENTICATION_METHODS to achieveÂ9.0.x security?
- after starting the central manager,Â/etc/condor/passwords.d/POOL credential file is automatically generated, I had to copy this file on submit and worker nodes to make them communicate with the central manager node. This looks related to password based authentication. I don't see anything generated inÂ/etc/condor/tokens.d/ for TOKENIDÂbased authentication? However I am able to create user token, is /etc/condor/passwords.d/POOL signing the JWT tokens? if yes, then in which scenario tokes.d directory will be used?
- Also as mentioned in [1] with flock based conf, password authentication will not work instead TOKENID, I didn't understand how it helps? Even with recommended_v9_0 I see only a POOL fileÂis created. This will also become challenging for flock based conf, as I need to copy the same POOL file from two different pools on a single submit node?Â
Thanks & Regards,
Vikrant Aggarwal
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}