Ubuntu Manpage: condor_check_password

Provided by: condor_23.4.0+dfsg-1ubuntu4.1_amd64

NAME

       condor_check_password - HTCondor Manual

       Examine HTCondor key files, looking for keys that prior version of HTCondor will not fully read.

SYNOPSIS

       condor_check_password <-h | --help>

       condor_check_password [--truncate] [key]

DESCRIPTION

       Versions  of  HTCondor before 8.9.12 contained contained a bug in the code used to read the pool password
       (hence the name of the tool): in some cases the read would be truncated before end of the file.   Because
       the  same code is used to read IDTOKENS signing keys, this bug affects the IDTOKENS authorization method,
       as well.

       There was no backwards-compatible fix: versions 8.9.12 and later may read the same file differently  than
       earlier versions, meaning that tokens issued before 8.9.12 may not be recognized by later versions.

       This  tool  detects  key  files  which  will not be fully read by earlier versions of HTCondor.  IDTOKENS
       generated by such a key will not be accepted by later versions (which read the whole key file).   If  you
       choose to truncate these files on disk, later version of HTCondor will read only the same bits as earlier
       versions, allowing them to accept tokens issued by earlier versions, at the cost of weakening your pool's
       resistance to brute-force attacks.

       By  default, this tool checks all the key files that will be found by the current HTCondor configuration;
       you may specify a specific key or keys to check, instead.

OPTIONS

          -h, --help
                 Print a usage reminder.

          --truncate
                 When a potentially insecure key is encountered, truncate it to  match  the  behavior  prior  to
                 version 8.9.12.

EXIT STATUS

       Exits  with  code  0 if there were no signing keys to check or if all of the checked keys were OK.  Exits
       with code 1 if at least one checked key was not OK.  Exits non-zero if a problem  was  encountered  along
       the way.

AUTHOR

       HTCondor Team

COPYRIGHT

       1990-2024,  Center  for High Throughput Computing, Computer Sciences Department, University of Wisconsin-
       Madison, Madison, WI, US. Licensed under the Apache License, Version 2.0.

                                                  Aug 25, 2024                          CONDOR_CHECK_PASSWORD(1)