logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

condor_token_request_approve - HTCondor Manual

Author

       HTCondor Team

Description

condor_token_request_approve  will  approve  an  request  for  an authentication token queued at a remote
       daemon.  Once approved, the requester will be able to fetch a fully signed token from the daemon and  use
       it to authenticate with the IDTOKENS method.

       NOTE  that  any  user  can  request  a  very  powerful  token,  even  allowing  them  to  be the HTCondor
       administrator; such requests can only be approved by an administrator.  Review token  requests  carefully
       to  ensure  you understand what identity you are approving.  The only safe way to approve a request is to
       have the request ID communicated out-of-band and  verify  it  matches  the  expected,  request  contents,
       ensuring the request's authenticity.

       By  default,  users  can  only approve requests for their own identity (that is, a user authenticating as
       bucky@cs.wisc.edu can only approve token  requests  for  the  identity  bucky@cs.wisc.edu).   Users  with
       ADMINISTRATOR authorization can approve any request.

       If  you  want  to  approve  multiple  requests at once, do not provide the -reqid flag; in that case, the
       utility will iterate through all known requests.

       By  default,  condor_token_request_approve  will  query  the  local  condor_collector;  by  specifying  a
       combination  of  -pool,  -name,  or -type, the tool can request tokens in other pools, on other hosts, or
       different daemon types.

Examples

       To approve the tokens at the default condor_collector, one-by-one:

          $ condor_token_request_approve
          RequestedIdentity = "bucky@cs.wisc.edu"
          AuthenticatedIdentity = "anonymous@ssl"
          PeerLocation = "10.0.0.42"
          ClientId = "bird.cs.wisc.edu-516"
          RequestId = "8414912"

          To approve, please type 'yes'
          yes
          Request 8414912 approved successfully.

       When a token is approved, the corresponding condor_token_request process will complete.  Note the printed
       request includes both the requested identity (which will be  written  into  the  issued  token)  and  the
       authenticated  identity of the token requester.  In this case, anonymous@ssl indicates the connection was
       established successfully over SSL but the remote  side  is  anonymous  (did  not  contain  a  client  SSL
       certificate).

Exit Status

condor_token_request_approve  will  exit with a non-zero status value if it fails to communicate with the
       remote daemon.  Otherwise, it will exit 0.

Name

       condor_token_request_approve - HTCondor Manual

       approve a token request at a remote daemon

Options

-debug Causes debugging information to be sent to stderr, based on  the  value  of  the  configuration
                 variable TOOL_DEBUG.

          -help  Display brief usage information and exit.

          -namehostname
                 Request  a  token  from  the  daemon  named  hostname  in  the  pool.   If  not  specified, the
                 locally-running daemons will be used.

          -poolpool_name
                 Request a token from a daemon in a non-default pool pool_name.

          -reqidval
                 Provides the specific request ID to approve.  Request IDs should be communicated out of band to
                 the administrator through a trusted channel.

          -typetype
                 Request a token from a specific daemon type type.  If not given, a condor_collector is used.

See Also

condor_token_request(1), condor_token_fetch(1), condor_token_request_auto_approve(1)

Synopsis

condor_token_request_approve [-reqidval] [-poolpool_name] [-name hostname] [-typetype] [-debug]

       condor_token_request_approve [-help ]

See Also