CONDOR_CHECK_PASSWORD(1)        HTCondor Manual       CONDOR_CHECK_PASSWORD(1)

NAME

       condor_check_password - HTCondor Manual

       Examine HTCondor key files, looking for keys that prior versions of
       HTCondor will not fully read.

SYNOPSIS

       condor_check_password <-h | --help>

       condor_check_password [--truncate] [key]

DESCRIPTION

       Versions of HTCondor before 8.9.12 contained a bug in the code used to
       read the pool password (hence the name of the tool): in some cases the
       read would be truncated before the end of the file.  Because the same
       code is used to read IDTOKENS signing keys, this bug affects the
       IDTOKENS authorization method, as well.

       There was no backwards-compatible fix: versions 8.9.12 and later may
       read the same file differently than earlier versions, meaning that
       tokens issued before 8.9.12 may not be recognized by later versions.

       This tool detects key files which will not be fully read by earlier
       versions of HTCondor.  IDTOKENS generated by such a key will not be
       accepted by later versions (which read the whole key file).  If you
       choose to truncate these files on disk, later versions of HTCondor will
       read only the same bits as earlier versions, allowing them to accept
       tokens issued by earlier versions, at the cost of weakening your pool's
       resistance to brute-force attacks.

       By default, this tool checks all the key files that will be found by
       the current HTCondor configuration; you may specify a specific key or
       keys to check, instead.

OPTIONS

          -h, --help
                 Print a usage reminder.

          --truncate
                 When a potentially insecure key is encountered, truncate it
                 to match the behavior prior to version 8.9.12.

EXIT STATUS

       Exits with code 0 if there were no signing keys to check or if all of
       the checked keys were OK.  Exits with code 1 if at least one checked
       key was not OK.  Exits non-zero if a problem was encountered along the
       way.

AUTHOR

       HTCondor Team

       1990-2023, Center for High Throughput Computing, Computer Sciences
       Department, University of Wisconsin-Madison, Madison, WI, US. Licensed
       under the Apache License, Version 2.0.

                                 Oct 02, 2023         CONDOR_CHECK_PASSWORD(1)