Re: [HTCondor-users] HTCondor 24 SECMAN Password/Token oddity

[Thomas Birkett - STFC UKRI <thomas.birkett@xxxxxxxxxx>]

Hi all,

 

I found the change: https://github.com/htcondor/htcondor/commit/080deaaa16e74e727a9f62f541038ae16b450e6e

 

This does state the new ID of `condor@password`. I see that this change is mentioned in the change-log of Condor 23.0.6 (https://htcondor.readthedocs.io/en/latest/version-history/feature-versions-23-x.html#version-23-9-6) however it’s not evident that this impacts the `UID-DOMAIN` of this user and the associated ticket for the change (https://opensciencegrid.atlassian.net/browse/HTCONDOR-2486) doesn’t state the now hard coded value of `password` as the UID-DOMAIN.

 

As this is quite a major change to the authentication model of environments upgrading from older versions, may I request the requirement for the user `condor@password` be made clearer in the changelog.

 

Many thanks,

 

Tom

 

From: HTCondor-users <htcondor-users-bounces@xxxxxxxxxxx> on behalf of Todd L Miller via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Date: Monday, 6 January 2025 at 19:19
To: Thomas Birkett - STFC UKRI via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Cc: Todd L Miller <tlmiller@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] HTCondor 24 SECMAN Password/Token oddity

> I assumed the domain was derived from the `TRUST_DOMAIN` ClassAd which
> is set to `gridpp.rl.ac.uk`. Is this new format of `condor@password`
> expected?

         This may be related to HTCONDOR-2486, where we changed the default
user ID for the PASSWORD method from `condor_pool` to `condor`, but I'm
not sure why your old config worked, so I'm clearly missing something.
(You don't appear to allow `condor_password` to write master ads to the
collector.)

-- ToddM
_______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe

The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/