Description of problem: Now only authenticated user "cumin" can work with Condor QMF jobs, see bug 644041. I think all authenticated users in broker should work(Submit/Hold/Remove/Release) with Condor QMF jobs without QUEUE_ALL_USERS_TRUSTED=True in Condor configuration. Version-Release number of selected component (if applicable): MRG 1.3.0.1 How reproducible: 100% Actual results: Only authenticated user "cumin" can work with Condor QMF jobs. Expected results: All authenticated broker users can work with Condor QMF jobs.
We need proper QMF agent-side ACL for this to be properly implemented in the 2.0 timeframe. Ted, any thoughts or update on this?
QUEUE_ALL_USERS_TRUSTED=TRUE is not necessary, see bug 644041. Authentication is performed by the broker and authorization by the Scheduler object. Current (7.6.5-0.7) authorization restricts access to the "cumin" user only. If this was intended to be an RFE to allow authorization of users beyond "cumin", please open a BZ describing that. Also, note that implementation of such a feature should occur in the QMF library and currently depends on bug 649919.