
Re: [HTCondor-users] condor_token_create -key



For keys other than the POOL key, you can write the key file directly with whatever sufficiently-random contents you want. The file must be owned by root and readable only by root.

 - Jaime

On Feb 13, 2025, at 2:01 PM, Weatherby,Gerard <gweatherby@xxxxxxxx> wrote:
It's my recollection from ~18 months ago that using not the POOL password for creating tokens allows revocation of user tokens without invalidating the pool.

e.g. 

condor_token_create -key token_key --identity gweatherby@xxxxxxxxxx -f /tmp/g.token

I don't recall exactly how to create /etc/condor/passwords.d/token_key ?
I've tried 
condor_store_cred add-pwd -f token_key -c
but that doesn't seem to do the trick
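
Added example, not part of the original messages and not HTCondor's own tooling: one way to write a non-POOL key file directly, as the reply describes, and then check that it is owned by the expected user and readable only by that user. The function names, the 32-byte length and the hex encoding are assumptions of this example; the path in the usage comment is the one from the question.

```shell
#!/bin/sh
# Hypothetical helpers (names are this example's, not HTCondor's).

# make_signing_key DIR NAME
# Writes 32 random bytes, hex-encoded (64 characters), to DIR/NAME with mode 0600.
# Refuses to overwrite: replacing a key invalidates every token signed with it.
make_signing_key() {
    dir=$1; name=$2
    [ -d "$dir" ] || return 2
    [ -e "$dir/$name" ] && return 3
    (
        umask 077                                    # never group/world readable
        tmp=$(mktemp "$dir/.$name.XXXXXX") || exit 1
        head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n' > "$tmp" || exit 1
        rc=0
        [ "$(wc -c < "$tmp")" -eq 64 ] || rc=1       # short read: discard
        # ln fails if the target appeared meanwhile, so nothing is clobbered
        [ "$rc" -eq 0 ] && { ln "$tmp" "$dir/$name" || rc=1; }
        rm -f "$tmp"
        exit "$rc"
    )
}

# check_key_perms FILE [UID]
# Returns 0 only if FILE is a regular file (not a symlink), owned by UID
# (default 0, i.e. root) and has no group or other permission bits set.
check_key_perms() {
    file=$1; want_uid=${2:-0}
    [ -f "$file" ] && [ ! -L "$file" ] || return 2
    set -- $(ls -ln "$file")                         # $1 = mode string, $3 = uid
    [ "$3" = "$want_uid" ] || return 1
    case $1 in
        -r[w-]-------*) return 0 ;;                  # trailing . or + is allowed
        *) return 1 ;;
    esac
}

# Usage, as root:
#   make_signing_key /etc/condor/passwords.d token_key &&
#   check_key_perms  /etc/condor/passwords.d/token_key 0
```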