I am trying to get more friends to donate their CPU time. However, I don't really want to give them access to my account, and the setup of their own is somewhat complicated.

I suggest an account called Guest:Username with a different password that can be given to attach the account manager, and then let me manage their settings without their ability to access the main account settings.

This also means that if one of those machines is compromised the WORST that can happen is they can fetch work.

Is this possible, or does the client running on the host know the project passwords anyway?

When the client communicates with the server, how does the server know it's really you? It must be sending something...

I don't know how long you have been BOINCing, but the registration used to be via web, and you got an "account key" sent via email. The account key is a 32-character long random string (looks the same as the CPID). To attach, you had to enter the project's URL on the BOINC Manager, followed by the long alphanumeric string.

Now you just create your account from the manager and use email/password to attach other computers. This works by first contacting the project server with the email and password, and the server gives account key back. The account key is then sent to the server on every operation for the server to know it's really you (still the same it did before the email/password system appeared).

Account key is stored on the client, and you can use it to login on the project website, so in summary it's the same effect as if email/password was stored on the client. Maybe this was a bigger explanation than you needed, but it's interesting to know

Why not just set up different accounts? After all, it's your friends' computers, not yours, so you would be getting credits for computers not your own! (I call that cheating, even if I have done it myself).

That doesn't mean it is a cleartext password.



So it's an authentication token. I can handle that.



Because I have about 30 people who would love to participate, but they don't want to set anything up more than a simple "download this, run this, click here, and then leave the rest to me" thing.

Sure, I could set up an account for them, but then I'd still be managing it for them, and honestly it's not worth the headache to have to log into 30 accounts, one per person.

I suppose I could set up a "guest" account myself and let them all sign up to it, and just ask them not to go and change things. Ya, right. That'll work.

Think of me as a sysadmin (who understands a lot about cryptography and how this thing works from a programmer's point of view) having used distributed systems since, oh, 1980 or so.

Well, it's not that you need too much mess to use the token. On the project websites login page, you can enter either email and password OR account key.