Mailing List Archives
Authenticated access
UW Madison
Computer Sciences Department
Computer Systems Lab
[
Date Prev
][
Date Next
][
Thread Prev
][
Thread Next
][
Date Index
][
Thread Index
]
[HTCondor-users] OAuthCredmon and Schedd: markfile names consistency
Date
: Thu, 7 Sep 2023 18:11:05 +0200
From
: Benoit Roland <
benoit.roland@xxxxxxx
>
Subject
: [HTCondor-users] OAuthCredmon and Schedd: markfile names consistency
Dear all,
I understand that a markfile is used to take the decision to remove tokens when the markfile lifetime exceeds some threshold.
o) This is used in the functions "should_delete" and "delete_tokens" in the OAuth Credential Monitor [1].
In these functions, the markfile name is defined as:
mark_path = os.path.join(self.cred_dir, username, token_name + '.mark')
[convention 1]
following the same convention as for the ".top" and ".use" tokens.
o) The markfile, if I am correct, is created in the schedd [2] via:
a
uto_free_ptr cred_dir_oauth(param("SEC_CREDENTIAL_DIRECTORY_OAUTH"));
....
credmon_mark_creds_for_sweeping(cred_dir_oauth, owner_info.Name());Â
[convention 2]
with "
credmon_mark_creds_for_sweeping(const char * cred_dir, const char* user)
" defined in the credmon interface [3].
o) The first convention will result in e.g.:
SEC_CREDENTIAL_DIRECTORY_OAUTH
/
username
/
token_name
.mark
while the second convention will result in:
SEC_CREDENTIAL_DIRECTORY_OAUTH
/
username
.mark
o) Making a test, I can indeed find on my submit node:
/var/lib/condor/mytoken_credentials
/
benoit_roland
.mark
while the OAuth Credential Monitor is looking for:
/var/lib/condor/mytoken_credentials
/
benoit_roland
/
helmholtz
.mark
As a result, the markfile is not found, and the ".top", ".use" and ".mark" files are not deleted after expiration of the markfile.
Am I missing something, or are my observations correct?
Thanks a lot in advance for your help!
Cheers,
Benoit
[1] src/condor_credd/condor_credmon_oauth/credmon/CredentialMonitors/OAuthCredmon.py
[2] src/condor_schedd.V6/schedd.cpp
[3] src/condor_utils/credmon_interface.cpp
Follow-Ups
:
Re: [HTCondor-users] OAuthCredmon and Schedd: markfile names consistency
From:
Jason Patton
Prev by Date:
Re: [HTCondor-users] Windows Run As Owner
Next by Date:
[HTCondor-users] European HTC workshop - program now online
Previous by thread:
Re: [HTCondor-users] Lost in IDTOKENS
Next by thread:
Re: [HTCondor-users] OAuthCredmon and Schedd: markfile names consistency
Index(es):
Date
Thread