
[HTCondor-users] Security implications of SEC_SCITOKENS…FOREIGN_TOKEN?



Hi all,

We got approached about supporting EGI CheckIn Tokens and are just trying to understand what that would entail. As per the docs [0] we are looking at the SEC_SCITOKENS…FOREIGN_TOKEN family of things.

However, I am now a bit alarmed as there are multiple vague warnings that this lowers security checks:

> These parameters should be used with caution, as they disable some security checks. [0, 1]

Plus it looks like these are already switched on by default [2].

Is this something that will practically lower security checks also for regular SciTokens auth? Is this just because third-party plugins are invoked to check the tokens? Something else?

Cheers,
Max


[0] Security docs on EGI CheckIn tokens
https://htcondor.readthedocs.io/en/25.0/admin-manual/security.html#scitokens-authentication

[1]
https://htcondor.readthedocs.io/en/25.0/admin-manual/configuration-macros.html#SEC_SCITOKENS_FOREIGN_TOKEN_ISSUERS

[2] # condor_config_val SEC_SCITOKENS_ALLOW_FOREIGN_TOKEN_TYPES CONDOR_VERSION -verbose
SEC_SCITOKENS_ALLOW_FOREIGN_TOKEN_TYPES = true
 # at: <Default>
 # raw: SEC_SCITOKENS_ALLOW_FOREIGN_TOKEN_TYPES = true

CONDOR_VERSION = 25.0.8
 # at: <Default>
 # raw: CONDOR_VERSION = 25.0.8
