Re: [HTCondor-users] separating capabilities in individual idtokens?
- Date: Wed, 10 May 2023 20:22:07 +0000
- From: "Bockelman, Brian" <BBockelman@xxxxxxxxxxxxx>
- Subject: Re: [HTCondor-users] separating capabilities in individual idtokens?
Sent from my iPhone
> On May 10, 2023, at 9:50 AM, Thomas Hartmann <thomas.hartmann@xxxxxxx> wrote:
>
> Hi all,
>
> is it actually possible to separate capabilities into individual idtokens?
>
> E.g., a daemon/node should get READ and WRITE command capabilities.
>
> Instead of generating a r/w token
> > condor_token_create -authz WRITE - -authz READ token rw.idtoken
> would it be possible to use two separate tokens, one for read - one for write, and drop both into the daemon's tokens.d instead?
>
> Or would the master pick and use the first token it finds for the trust domain of the collector?
It's a long set of technical reasons why - but the short version is the first matching token is used and the "auth" level isn't used in the matching process.
>
> Cheers,
> Thomas