Provided by: condor_23.6.2+dfsg-2build1_amd64 
NAME
condor_token_request_auto_approve - HTCondor Manual
generate a new rule to automatically approve token requests
SYNOPSIS
condor_token_request_auto_approve -netblock network -lifetime val [-pool pool_name] [-name hostname]
[-type type] [-debug]
condor_token_request_auto_approve [-help ]
DESCRIPTION
condor_token_request_auto_approve will install a temporary auto-approval rule for token requests. Any
token request matching the auto-approval rule will be immediately approved instead of requiring
administrator approval
Automatic request approval is intended to help administrators initially setup their cluster. To install
a new rule, you must specify both a network and a lifetime; requests are only approved if they come from
that given source network, are within the rule lifetime, are limited to ADVERTISE_SCHEDD or
ADVERTISE_STARTD permissions, and are for the condor identity. When a condor_startd or condor_schedd is
started and cannot communicate with the collector, they will automatically generate token requests that
meet the last two conditions.
It is not safe to enable auto-approval when users have access to any of the involved hosts or networks.
To remove auto-approval rules, run condor_reconfig against the remote daemon.:
By default, condor_token_request_auto_approve will install rules at the local condor_collector; by
specifying a combination of -pool, -name, or -type, the tool can request tokens in other pools, on other
hosts, or different daemon types.
OPTIONS
-debug Causes debugging information to be sent to stderr, based on the value of the configuration
variable TOOL_DEBUG.
-help Display brief usage information and exit.
-lifetime value
Specify the lifetime, in seconds, for the auto-request rule to be valid.
-name hostname
Request a token from the daemon named hostname in the pool. If not specified, the
locally-running daemons will be used.
-netblock network
A netblock of the form IP_ADDRESS / SUBNET_MASK specifying the source of authorized requests.
Examples may include 129.93.12.0/24 or 10.0.0.0/26.
-pool pool_name
Request a token from a daemon in a non-default pool pool_name.
-type type
Request a token from a specific daemon type type. If not given, a condor_collector is used.
EXAMPLES
To automatically approve token requests to the default condor_collector coming from the 10.0.0.0/26
subnet for the next 10 minutes:
$ condor_token_request_auto_approve -lifetime 600 -netblock 10.0.0.0/26
Successfully installed auto-approval rule for netblock 10.0.0.0/26 with lifetime of 0.17 hours
Remote daemon reports no un-approved requests pending.
EXIT STATUS
condor_token_request_auto_approve will exit with a non-zero status value if it fails to communicate with
the remote daemon or has insufficient authorization. Otherwise, it will exit 0.
SEE ALSO
condor_token_request(1), condor_token_request_approve(1)
AUTHOR
Center for High Throughput Computing, University of Wisconsin-Madison
AUTHOR
HTCondor Team
COPYRIGHT
1990-2024, Center for High Throughput Computing, Computer Sciences Department, University of Wisconsin-
Madison, Madison, WI, US. Licensed under the Apache License, Version 2.0.
Jan 04, 2025 CONDOR_TOKEN_REQUEST_AUTO_APPROVE(1)