Docs for rename of SEC_TOKEN_BLACKLIST_EXPR. HTCONDOR-744

htcondor · Oct 4, 2021 · ec251ab · ec251ab
1 parent 60edec8
commit ec251ab
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/docs/admin-manual/configuration-macros.rst b/docs/admin-manual/configuration-macros.rst
@@ -9083,9 +9083,9 @@ macros are described in the :doc:`/admin-manual/security` section.
     For Unix machines, the path to the directory containing tokens for
     user authentication with the token method.  Defaults to ``~/.condor/tokens.d``.
 
-:macro-def:`SEC_TOKEN_BLACKLIST_EXPR`
+:macro-def:`SEC_TOKEN_REVOCATION_EXPR`
     A ClassAd expression evaluated against tokens during authentication;
-    if ``SEC_TOKEN_BLACKLIST_EXPR`` is set and evaluates to true, then the
+    if ``SEC_TOKEN_REVOCATION_EXPR`` is set and evaluates to true, then the
     token is revoked and the authentication attempt is denied.
 
 :macro-def:`SEC_TOKEN_REQUEST_LIMITS`

diff --git a/docs/admin-manual/security.rst b/docs/admin-manual/security.rst
@@ -1625,7 +1625,7 @@ to setup ``IDTOKENS`` authentication, enable it in the list of authentication me
 **Revoking Token**: If a token is lost, stolen, or accidentally exposed,
 then the system administrator may use the token revocation mechanism in order
 to prevent unauthorized use.  Revocation can be accomplished by setting the
-``SEC_TOKEN_BLACKLIST_EXPR`` configuration parameter;
+``SEC_TOKEN_REVOCATION_EXPR`` configuration parameter;
 when set, the value of this parameter will be
 evaluated as a ClassAd expression against the token's contents.
 
@@ -1650,24 +1650,24 @@ When printed using ``condor_token_list``, the human-readable form is as follows
     }
 
 If we would like to revoke this token, we could utilize any of the following
-values for ``SEC_TOKEN_BLACKLIST_EXPR``, depending on the desired breadth of
+values for ``SEC_TOKEN_REVOCATION_EXPR``, depending on the desired breadth of
 the revocation:
 
 .. code-block:: condor-config
 
     # Revokes all tokens from the user Alice:
-    SEC_TOKEN_BLACKLIST_EXPR = sub =?= "alice@pool.example.com"
+    SEC_TOKEN_REVOCATION_EXPR = sub =?= "alice@pool.example.com"
 
     # Revokes all tokens from Alice issued before or after this one:
-    SEC_TOKEN_BLACKLIST_EXPR = sub =?= "alice@pool.example.com" && \
+    SEC_TOKEN_REVOCATION_EXPR = sub =?= "alice@pool.example.com" && \
         iat <= 1588474719
 
     # Revokes *only* this token:
-    SEC_TOKEN_BLACKLIST_EXPR = jti =?= "c760c2af193a1fd4e40bc9c53c96ee7c"
+    SEC_TOKEN_REVOCATION_EXPR = jti =?= "c760c2af193a1fd4e40bc9c53c96ee7c"
 
-The revocation only works on the daemon where ``SEC_TOKEN_BLACKLIST_EXPR`` is
+The revocation only works on the daemon where ``SEC_TOKEN_REVOCATION_EXPR`` is
 set; to revoke a token across the entire pool, set
-``SEC_TOKEN_BLACKLIST_EXPR`` on every host.
+``SEC_TOKEN_REVOCATION_EXPR`` on every host.
 
 In order to invalidate all tokens issued by a given master password in
 ``SEC_PASSWORD_DIRECTORY``, simply remove the file from the directory.

diff --git a/docs/version-history/stable-release-series-90.rst b/docs/version-history/stable-release-series-90.rst
@@ -19,7 +19,10 @@ Release Notes:
 
 New Features:
 
-- None.
+- The configuration paramater ``SEC_TOKEN_BLACKLIST_EXPR`` has been renamed
+  to ``SEC_TOKEN_REVOCATION_EXPR``.
+  The old name is still recognized if the new one isn't set.
+  :jira:`744`
 
 Bugs Fixed: