HTCondorWiki: How To Use Idtokens

 Not fully verified yet (and not just the flocking part).
 
-{file central-manager.config}
+{file: central-manager.config}
 use security : strong
 
 # (This section seems like it should be use security : user_based,
@@ -13,7 +13,7 @@
 ALLOW_DAEMON = condor@*
 ALLOW_NEGOTIATOR = condor@*
 
-# Flocking (completely untested).
+# Flocking (completely untested, from use security: user_based).
 # Should the first entry be $(ALLOW_NEGOTIATOR)?
 ALLOW_NEGOTIATOR_SCHEDD = condor@* $(FLOCK_NEGOTIATOR_HOSTS)
 ALLOW_WRITE_COLLECTOR=$(ALLOW_WRITE) $(FLOCK_FROM)
@@ -39,7 +39,7 @@
 COLLECTOR.DENY_DAEMON = CONDOR_ANONYMOUS_USER*/*
 {endfile}
 
-{file submit.config}
+{file: submit.config}
 use security : strong
 
 ALLOW_ADMINISTRATOR = condor@*
@@ -65,12 +65,14 @@
 # Allow any local user to submit jobs.
 ALLOW_WRITE = $(ALLOW_WRITE) *@$(HOSTNAME)
 
-# For promiscuous mode (and condor_status and condor_q).
+# For promiscuous mode (and condor_status and condor_q).  Do NOT put
+# ANONYMOUS first, since it always succeeds but we need a real user ID
+# for condor_q.
 SEC_READ_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS) ANONYMOUS
 SEC_CLIENT_AUTHENTICATION_METHODS = $(SEC_DEFAULT_AUTHENTICATION_METHODS) ANONYMOUS
 {endfile}
 
-{file execute.config}
+{file: execute.config}
 use security : strong
 
 ALLOW_ADMINISTRATOR = condor@*