1CONDOR_TOKEN_REQUEST_APPROVE(1) HTCondor ManualCONDOR_TOKEN_REQUEST_APPROVE(1)
2
6 condor_token_request_approve - HTCondor Manual
7 approve a token request at a remote daemon
9
12 condor_token_request_approve [-reqid val] [-pool pool_name] [-name
13 hostname] [-type type] [-debug]
14 condor_token_request_approve [-help ]
16
18 condor_token_request_approve will approve an request for an authentica‐
19 tion token queued at a remote daemon. Once approved, the requester
20 will be able to fetch a fully signed token from the daemon and use it
21 to authenticate with the IDTOKENS method.
22 NOTE that any user can request a very powerful token, even allowing
24 them to be the HTCondor administrator; such requests can only be ap‐
25 proved by an administrator. Review token requests carefully to ensure
26 you understand what identity you are approving. The only safe way to
27 approve a request is to have the request ID communicated out-of-band
28 and verify it matches the expected, request contents, ensuring the re‐
29 quest's authenticity.
30 By default, users can only approve requests for their own identity
32 (that is, a user authenticating as bucky@cs.wisc.edu can only approve
33 token requests for the identity bucky@cs.wisc.edu). Users with ADMIN‐
34 ISTRATOR authorization can approve any request.
35 If you want to approve multiple requests at once, do not provide the
37 -reqid flag; in that case, the utility will iterate through all known
38 requests.
39 By default, condor_token_request_approve will query the local con‐
41 dor_collector; by specifying a combination of -pool, -name, or -type,
42 the tool can request tokens in other pools, on other hosts, or differ‐
43 ent daemon types.
44
46 -debug Causes debugging information to be sent to stderr, based on
47 the value of the configuration variable TOOL_DEBUG.
48 -help Display brief usage information and exit.
50 -name hostname
52 Request a token from the daemon named hostname in the pool.
53 If not specified, the locally-running daemons will be used.
54 -pool pool_name
56 Request a token from a daemon in a non-default pool
57 pool_name.
58 -reqid val
60 Provides the specific request ID to approve. Request IDs
61 should be communicated out of band to the administrator
62 through a trusted channel.
63 -type type
65 Request a token from a specific daemon type type. If not
66 given, a condor_collector is used.
67
69 To approve the tokens at the default condor_collector, one-by-one:
70 $ condor_token_request_approve
72 RequestedIdentity = "bucky@cs.wisc.edu"
73 AuthenticatedIdentity = "anonymous@ssl"
74 PeerLocation = "10.0.0.42"
75 ClientId = "bird.cs.wisc.edu-516"
76 RequestId = "8414912"
77 To approve, please type 'yes'
79 yes
80 Request 8414912 approved successfully.
81 When a token is approved, the corresponding condor_token_request
83 process will complete. Note the printed request includes both the re‐
84 quested identity (which will be written into the issued token) and the
85 authenticated identity of the token requester. In this case, anony‐
86 mous@ssl indicates the connection was established successfully over SSL
87 but the remote side is anonymous (did not contain a client SSL certifi‐
88 cate).
89
91 condor_token_request_approve will exit with a non-zero status value if
92 it fails to communicate with the remote daemon. Otherwise, it will
93 exit 0.
94
96 condor_token_request(1), condor_token_fetch(1), condor_token_re‐
97 quest_auto_approve(1)
98
100 Center for High Throughput Computing, University of Wisconsin-Madison
101
103 Copyright © 1990-2019 Center for High Throughput Computing, Computer
104 Sciences Department, University of Wisconsin-Madison, Madison, WI. All
105 Rights Reserved. Licensed under the Apache License, Version 2.0.
106
108 HTCondor Team
109
111 1990-2023, Center for High Throughput Computing, Computer Sciences De‐
112 partment, University of Wisconsin-Madison, Madison, WI, US. Licensed
113 under the Apache License, Version 2.0.
114 Oct 02, 2023 CONDOR_TOKEN_REQUEST_APPROVE(1)