Mailing List Archives

Authenticated access

 		[Computer Systems Lab]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Managing usage of AP with condor_qusers

Hi Matthew,

Thanks for showing interest in the new user records on the AP functionality. This work still has lots of work to be done before it is considered complete, but what we have now is a key step . To answer your questions (in order):
  • There is a configuration knob that controls whether or not a user record is created the first time a user authenticates to the Schedd. If you set this to True, then only users who have had records created before hand by an administrator can run jobs. The configuration knob is ALLOW_SUBMIT_FROM_KNOWN_USERS_ONLY. This option is set to False by default
  • We would also like to be able to create an association between users and accounting groups/projects but that feature is currently in the planning stages
  • We are working on python bindings for managing (admin permissions) and querying (world readable) the user records from an AP (HTCONDOR-1857)
  • Using just an owner name in condor_qusers to restrict a query has not been implemented just yet. You can however use a constraint like condor_qusers -l -const 'Owner=?="<username>"' to limit the query with the long format.
Cheers,
Cole Bollig
From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of West, Matthew via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Sent: Monday, October 16, 2023 4:01 PM
To: HTCondor-Users Mail List <htcondor-users@xxxxxxxxxxx>
Cc: West, Matthew <M.T.West@xxxxxxxxxxxx>
Subject: [HTCondor-users] Managing usage of AP with condor_qusers
 
I really like this additional user management functionality.

- Is there a way to turn off filesystem authentication(?) so that the only way a new user can submit jobs is for an admin to explicitly enable them to do so?
- Feature request: use this to associate accounting group(s) to users.
- These user classads should be accessible & editable via the python bindings, correct?
- Bug(?): I cannot get the classad for just a single user using -long option.

Cheers,
Matt