myproxy-store(1)                    MyProxy                   myproxy-store(1)

NAME
       myproxy-store - store end-entity credential for later retrieval

SYNOPSIS
       myproxy-store [ options ]

DESCRIPTION
       The myproxy-store command uploads a credential to a myproxy-server(8)
       for later retrieval. The user must have a valid proxy credential as
       generated by grid-proxy-init or retrieved by myproxy-logon(1) when
       running this command. Unlike myproxy-init(1), this command transfers
       the private key over the network (over a private channel). In the
       default mode, the command will take the credentials found in
       ~/.globus/usercert.pem and ~/.globus/userkey.pem and store them in the
       myproxy-server(8) repository. Proxy credentials with default lifetime
       of 12 hours can then be retrieved by myproxy-logon(1) using the
       credential passphrase. The default behavior can be overridden by
       options specified below.

       The hostname where the myproxy-server(8) is running must be specified
       by either defining the MYPROXY_SERVER environment variable or the -s
       option.

OPTIONS
       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies the hostname(s) of the myproxy-server(s). Multiple
              hostnames, each hostname optionally followed by a ':' and port
              number, may be specified in a comma-separated list. This option
              is required if the MYPROXY_SERVER environment variable is not
              defined. If specified, this option overrides the MYPROXY_SERVER
              environment variable. If a port number is specified with a
              hostname, it will override the -p option as well as the
              MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies the TCP port number of the myproxy-server(8).
              Default: 7512. If specified, this option overrides the
              MYPROXY_SERVER_PORT environment variable.

       -l, --username
              Specifies the MyProxy account under which the credential should
              be stored. By default, the command uses the value of the
              LOGNAME environment variable. Use this option to specify a
              different account username on the MyProxy server. The MyProxy
              username need not correspond to a real Unix username.

       -c filename, --certfile filename
              Specifies the filename of the source certificate.

       -y filename, --keyfile filename
              Specifies the filename of the source private key.

       -t hours, --proxy_lifetime hours
              Specifies the maximum lifetime of credentials retrieved from the
              myproxy-server(8) using the stored credential. Default: 12
              hours

       -d, --dn_as_username
              Use the certificate subject (DN) as the default username,
              instead of the LOGNAME environment variable.

       -a, --allow_anonymous_retrievers
              Allow credentials to be retrieved with just pass phrase
              authentication. By default, only entities with credentials that
              match the myproxy-server.config(5) default retriever policy may
              retrieve credentials. This option allows entities without
              existing credentials to retrieve a credential using pass phrase
              authentication by including "anonymous" in the set of allowed
              retrievers. The myproxy-server.config(5) server-wide policy
              must also allow "anonymous" clients for this option to have an
              effect.

       -A, --allow_anonymous_renewers
              Allow credentials to be renewed by any client. Any client with
              a valid credential with a subject name that matches the stored
              credential may retrieve a new credential from the MyProxy
              repository if this option is given. Since this effectively
              defeats the purpose of proxy credential lifetimes, it is not
              recommended. It is included only for sake of completeness.

       -r dn, --retrievable_by dn
              Allow the specified entity to retrieve credentials. By default,
              the argument will be matched against the common name (CN) of the
              client (for example: "Jim Basney"). Specify -x before this
              option to match against the full distinguished name (DN) (for
              example: "/C=US/O=National Computational Science
              Alliance/CN=Jim Basney") or a regular expression (for example:
              "*/CN=Jim Basney|*/CN=James Basney").

       -E dn, --retrieve_key dn
              Allow the specified entity to retrieve end-entity credentials.
              By default, the argument will be matched against the common name
              (CN) of the client (for example: "Jim Basney"). Specify -x
              before this option to match against the full distinguished name
              (DN) (for example: "/C=US/O=National Computational Science
              Alliance/CN=Jim Basney") or a regular expression (for example:
              "*/CN=Jim Basney|*/CN=James Basney").

       -R dn, --renewable_by dn
              Allow the specified entity to renew credentials. By default,
              the argument will be matched against the common name (CN) of the
              client (for example: "condorg/modi4.ncsa.uiuc.edu"). Specify -x
              before this option to match against the full distinguished name
              (DN) (for example: "/C=US/O=National Computational Science
              Alliance/CN=condorg/modi4.ncsa.uiuc.edu") or a regular
              expression (for example:
              "*/CN=server1.ncsa.uiuc.edu|*/CN=server2.ncsa.uiuc.edu").

       -Z dn, --retrievable_by_cert dn
              Allow the specified entity to retrieve credentials without a
              passphrase. By default, the argument will be matched against
              the common name (CN) of the client (for example: "Jim Basney").
              Specify -x before this option to match against the full
              distinguished name (DN) (for example: "/C=US/O=National
              Computational Science Alliance/CN=Jim Basney") or a regular
              expression (for example: "*/CN=Jim Basney|*/CN=James Basney").

       -x, --regex_dn_match
              Specifies that the DN used by options -r and -R will be matched
              as a regular expression.

       -X, --match_cn_only
              Specifies that the DN used by options -r and -R will be matched
              against the Common Name (CN) of the subject.

       -k name, --credname name
              Specifies the credential name.

       -K description, --creddesc description
              Specifies credential description.

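The sharing options above interact: -a and -A widen who may obtain the credential, and a full DN or pattern passed to -r, -E, -R or -Z is compared against the CN only unless -x appears earlier on the command line. The following pre-flight check is an added example, not part of MyProxy or this manual page; lint_myproxy_store and its finding labels are hypothetical, and it assumes -X switches later options back to CN matching.

```shell
#!/bin/sh
# Added example, not MyProxy code: lint_myproxy_store is a hypothetical helper
# that reviews the sharing options of a planned myproxy-store command line.
# Prints space-separated findings; returns 0 only when there are none.
lint_myproxy_store() {
    regex_on=0      # 1 after -x, back to 0 after -X (assumed behaviour)
    findings=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -x|--regex_dn_match) regex_on=1 ;;
            -X|--match_cn_only)  regex_on=0 ;;
            -a|--allow_anonymous_retrievers)
                findings="${findings}ANON_RETRIEVE " ;;
            -A|--allow_anonymous_renewers)
                findings="${findings}ANON_RENEW " ;;
            -r|--retrievable_by|-E|--retrieve_key|-R|--renewable_by|-Z|--retrievable_by_cert)
                opt=$1
                if [ $# -lt 2 ]; then
                    findings="${findings}MISSING_ARG:${opt} "
                    break
                fi
                shift
                # A value starting with '/' or '*' is a full DN or a pattern.
                # Without an earlier -x it is compared against the CN only.
                case "$1" in
                    /*|\**)
                        [ "$regex_on" -eq 1 ] ||
                            findings="${findings}DN_WITHOUT_X:${opt} " ;;
                esac ;;
        esac
        shift
    done
    printf '%s\n' "${findings% }"
    [ -z "$findings" ]
}

# Constructed command line: -x comes after -r, so the DN is not matched as one.
lint_myproxy_store -s myproxy.example.org \
    -r "/C=US/O=Example/CN=Jane Doe" -x -A || true
```
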
EXIT STATUS
       0 on success, >0 on error

FILES
       ~/.globus/usercert.pem
              Default location of the certificate to be stored on the
              myproxy-server. Use the --certfile option to override.

       ~/.globus/userkey.pem
              Default location of the private key to be stored on the
              myproxy-server. Use the --keyfile option to override.

       -T, --trustroots
              Retrieve CA certificates directory from server (if available) to
              store in the location specified by the X509_CERT_DIR environment
              variable if set or /etc/grid-security/certificates if running as
              root or ~/.globus/certificates if running as non-root.

ENVIRONMENT
       MYPROXY_SERVER
              Specifies the hostname(s) where the myproxy-server(8) is
              running. Multiple hostnames can be specified in a comma
              separated list with each hostname optionally followed by a ':'
              and port number. This environment variable can be used in place
              of the -s option.

       MYPROXY_SERVER_PORT
              Specifies the port where the myproxy-server(8) is running. This
              environment variable can be used in place of the -p option.

       MYPROXY_SERVER_DN
              Specifies the distinguished name (DN) of the myproxy-server(8).
              All MyProxy client programs authenticate the server's identity.
              By default, MyProxy servers run with host credentials, so the
              MyProxy client programs expect the server to have a
              distinguished name with "/CN=host/<fqhn>" or
              "/CN=myproxy/<fqhn>" or "/CN=<fqhn>" (where <fqhn> is the
              fully-qualified hostname of the server). If the server is
              running with some other DN, you can set this environment
              variable to tell the MyProxy clients to accept the alternative
              DN.

       MYPROXY_TCP_PORT_RANGE
              Specifies a range of valid port numbers in the form "min,max"
              for the client side of the network connection to the server. By
              default, the client will bind to any available port. Use this
              environment variable to restrict the ports used to a range
              allowed by your firewall. If unset, MyProxy will follow the
              setting of the GLOBUS_TCP_PORT_RANGE environment variable.

       X509_USER_CERT
              Specifies a non-standard location for the certificate to be used
              for authentication to the myproxy-server(8). Also specifies the
              location for the certificate to be stored unless the -c option
              is given.

       X509_USER_KEY
              Specifies a non-standard location for the private key to be used
              for authentication to the myproxy-server(8). Also specifies the
              location for the private key to be stored unless the -y option
              is given.

       X509_USER_PROXY
              Specifies a non-standard location for the proxy credential to be
              used for authentication to the myproxy-server(8).

       X509_CERT_DIR
              Specifies a non-standard location for the CA certificates
              directory.

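Because myproxy-store sends the private key to the server, it helps to confirm which endpoints a given environment resolves to and which server identity will be accepted before running it. This added example (not MyProxy code and not from the original page) restates the -s/-p/MYPROXY_SERVER/MYPROXY_SERVER_PORT precedence and the default DN forms described above; resolve_endpoints and server_dn_acceptable are hypothetical helpers, hostnames are constructed, and it assumes that a set MYPROXY_SERVER_DN replaces the default forms.

```shell
#!/bin/sh
# Added example, not MyProxy code. Both helpers are hypothetical and only
# restate the rules documented on this page.

# resolve_endpoints [S_VALUE [P_VALUE]]
# Prints "host port" for each server that would receive the private key.
#   host list: -s value, else MYPROXY_SERVER
#   port: per-host ":port", else -p value, else MYPROXY_SERVER_PORT, else 7512
resolve_endpoints() {
    hosts=${1:-${MYPROXY_SERVER:-}}
    fallback_port=${2:-${MYPROXY_SERVER_PORT:-7512}}
    if [ -z "$hosts" ]; then
        echo "no server given: use -s or MYPROXY_SERVER" >&2
        return 1
    fi
    old_ifs=$IFS; IFS=,
    for entry in $hosts; do
        case "$entry" in
            *:*) printf '%s %s\n' "${entry%%:*}" "${entry##*:}" ;;
            *)   printf '%s %s\n' "$entry" "$fallback_port" ;;
        esac
    done
    IFS=$old_ifs
}

# server_dn_acceptable SUBJECT FQHN
# Succeeds if SUBJECT ends in one of the three default CN forms for FQHN.
# Assumption: when MYPROXY_SERVER_DN is set, only that exact DN is accepted.
server_dn_acceptable() {
    if [ -n "${MYPROXY_SERVER_DN:-}" ]; then
        [ "$1" = "$MYPROXY_SERVER_DN" ] && return 0
        return 1
    fi
    case "$1" in
        */CN=host/"$2"|*/CN=myproxy/"$2"|*/CN="$2") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed values: two servers, the second with its own port.
resolve_endpoints "mp1.example.org,mp2.example.org:7600" 7513
server_dn_acceptable "/O=Example/CN=host/mp1.example.org" mp1.example.org &&
    echo "server identity matches a default form"
```
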
AUTHORS
       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.

SEE ALSO
       myproxy-change-pass-phrase(1), myproxy-destroy(1),
       myproxy-get-trustroots(1), myproxy-info(1), myproxy-logon(1),
       myproxy-retrieve(1), myproxy-server.config(5),
       myproxy-admin-adduser(8), myproxy-admin-change-pass(8),
       myproxy-admin-load-credential(8), myproxy-admin-query(8),
       myproxy-server(8)

MyProxy                            2009-12-1                  myproxy-store(1)