If would like to enable a simple method for authenticating daemon-to-daemon communication, pool password is very straightforward. However, it will not work if you have flocking (in or out) enabled. -First, you need to tell HTCondor where to store the password. On Windows, this will be in the secure area of the registry. On Linux, you'll need to tell HTCondor where on disk to store the password. +*INSTRUCTIONS FOR LINUX* + +On Linux, you need to tell HTCondor where to store the password. If you installed from an RPM, /etc/condor should already exist. Otherwise, you can create it as root and set the permissions to 0755. + +Add the following lines to enable the pool password method in the condor_config file: {code} SEC_PASSWORD_FILE = /etc/condor/condor_pool_password +SEC_DAEMON_AUTHENTICATION = REQUIRED +SEC_DAEMON_AUTHENTICATION_METHODS = PASSWORD +SEC_CLIENT_AUTHENTICATION_METHODS = FS, PASSWORD +ALLOW_DAEMON = condor_pool@* {endcode} -Then, on each machine in your pool, run the command: +*NOTE:* If you have configured any other authentication methods, make sure to keep them in the list of CLIENT methods. + +Then, on each machine in your pool, run this command as root: {code} condor_store_cred -c add {endcode} -And it will prompt you for the password. On Windows, you'll need to do this on each machine in the pool. On Linux, you can do this on one machine and then securely copy the file to all the other machines; make sure to check the file permissions after copying. +And it will prompt you for the password. You can optionally use =-p= on the command line to avoid prompting for the password. Alternatively you can simply copy the file /etc/condor/condor_pool_password to all machines once have set it. If you do so, make sure to verify the permissions (0600) and ownership (root). + + + +*INSTRUCTIONS FOR WINDOWS* + +On Windows, the pool password is stored in the secure area of the registry, so you do not need to specify its location yourself. 
-Next, enable the pool password method in the condor_config file: +Add the following lines to enable the pool password method in the condor_config file: {code} -SEC_PASSWORD_FILE = /etc/condor/condor_pool_password SEC_DAEMON_AUTHENTICATION = REQUIRED SEC_DAEMON_AUTHENTICATION_METHODS = PASSWORD +SEC_CLIENT_AUTHENTICATION_METHODS = NTSSPI, PASSWORD ALLOW_DAEMON = condor_pool@* {endcode} -Finally, reconfigure your pool to have the new settings take effect: +*NOTE:* If you have configured any other authentication methods, make sure to keep them in the list of CLIENT methods. + +Then, on each machine in your pool, run this command as LOCAL/System: +{code} +condor_store_cred -c add +{endcode} +And it will prompt you for the password. You can optionally use =-p= on the command line to avoid prompting for the password. + + + +*INSTRUCTIONS FOR ALL PLATFORMS* + +If your HTCondor daemons were already running when you made these changes, don't forget to reconfigure your pool to have the new settings take effect: {code} condor_reconfig -all {endcode}
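Review bot: In the Linux instructions, the added sentence "Alternatively you can simply copy the file /etc/condor/condor_pool_password to all machines" drops the word "securely" that the removed line carried ("securely copy the file to all the other machines"). Restore it, so that readers do not move the pool password between hosts over an unencrypted channel. The same added paragraph offers =-p= "to avoid prompting" without saying that a password given on the command line can be left in shell history and be visible in process listings; add that caveat beside the option. "once have set it" is also missing "you".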
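Review bot: In the Windows instructions, "run this command as LOCAL/System" does not make clear which account is meant or how a reader gets a command prompt running under it, whereas the Linux section's "as root" needs no explanation. If the built-in SYSTEM account is intended, name it that way and add the step for starting a prompt as that account. The =-p= sentence is repeated here and needs the same command-line exposure caveat as in the Linux section. The NOTE about keeping other methods in the CLIENT list now appears word for word in both platform sections; stating it once under "INSTRUCTIONS FOR ALL PLATFORMS" would keep the two copies from drifting apart.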