Ubuntu Manpage: condor_check_password

Provided by: condor_23.4.0+dfsg-1ubuntu4_amd64

NAME

       condor_check_password - HTCondor Manual

       Examine HTCondor key files, looking for keys that prior version of HTCondor will not fully
       read.

SYNOPSIS

       condor_check_password <-h | --help>

       condor_check_password [--truncate] [key]

DESCRIPTION

       Versions of HTCondor before 8.9.12 contained contained a bug in the code used to read  the
       pool  password  (hence  the  name  of the tool): in some cases the read would be truncated
       before end of the file.  Because the same code is used to read IDTOKENS signing keys, this
       bug affects the IDTOKENS authorization method, as well.

       There  was  no  backwards-compatible fix: versions 8.9.12 and later may read the same file
       differently than earlier versions, meaning that tokens issued before  8.9.12  may  not  be
       recognized by later versions.

       This  tool detects key files which will not be fully read by earlier versions of HTCondor.
       IDTOKENS generated by such a key will not be accepted by later versions  (which  read  the
       whole key file).  If you choose to truncate these files on disk, later version of HTCondor
       will read only the same bits as earlier versions, allowing them to accept tokens issued by
       earlier versions, at the cost of weakening your pool's resistance to brute-force attacks.

       By  default, this tool checks all the key files that will be found by the current HTCondor
       configuration; you may specify a specific key or keys to check, instead.

OPTIONS

          -h, --help
                 Print a usage reminder.

          --truncate
                 When a potentially insecure  key  is  encountered,  truncate  it  to  match  the
                 behavior prior to version 8.9.12.

EXIT STATUS

       Exits  with  code  0  if there were no signing keys to check or if all of the checked keys
       were OK.  Exits with code 1 if at least one checked key was not OK.  Exits non-zero  if  a
       problem was encountered along the way.

AUTHOR

       HTCondor Team

COPYRIGHT

       1990-2024,  Center for High Throughput Computing, Computer Sciences Department, University
       of Wisconsin-Madison, Madison, WI, US. Licensed under the Apache License, Version 2.0.

                                           Apr 14, 2024                  CONDOR_CHECK_PASSWORD(1)