Re: [HTCondor-users] Condor 23.10.1 compatibility problem with Conda

["Anderson, Stuart B." <sba@xxxxxxxxxxx>]

Jaime, thank you for the detailed explanation.

Please confirm (or correct) my understnading that setting a 23.10.x (or 24.y.z) AP to use the legacy setting security:recommended_v9_0 will provide secure connections from applications connection to daemons via older Python bindings, and will in no way degrade daemon-to-daemon security relative to the same AP running without a security metaknob setting?

More generally, how can I expand the âuse security:recommendedâ metaknob to find out the list individual security settings it represents?

Thanks.


> On Oct 24, 2024, at 11:22âAM, Jaime Frey via HTCondor-users <htcondor-users@xxxxxxxxxxx> wrote:
> 
> âuse security:recommendedâ is a new meta-knob introduced in 23.10.0. It replaces the previous meta-knob âuse security:recommended_v9_0â. If youâre not running any daemons using these configuration files, then the only impact is that your python bindings and command-line tools will not insist on any authentication, encryption, or integrity when communicating with daemons. Any reasonably-configured daemons will insist on using some of these, which will still work.
> 
> If you are running daemons using these configuration files, then you will not get any default authorization rules. If youâre not setting the ALLOW_XXXX config parameters yourself, then the daemons wonât accept any connections.
> 
> The issue not compatibility with Conda python bindings, but compatibility with bindings using HTCondor versions older than 23.10.0. We had not sufficiently considered the case of a new HTCondor OS package and old user-installed bindings when adding the new meta-knob to the default configuration files. We are looking at changing the default configuration to avoid this problem for the 24.0 release.
> 
> - Jaime


â
Stuart Anderson
sba@xxxxxxxxxxx