GRID-PROXY-INIT(1)       Grid Community Toolkit Manual      GRID-PROXY-INIT(1)

NAME

       grid-proxy-init - Generate a new proxy certificate

SYNOPSIS

       grid-proxy-init -help | -usage | -version

       grid-proxy-init [OPTIONS]

DESCRIPTION

       The grid-proxy-init program generates X.509 proxy certificates derived
       from the currently available certificate files. By default, this
       command generates an RFC 3820 (http://www.ietf.org/rfc/rfc3820.txt)
       Proxy Certificate with a 2048 bit key, valid for 12 hours, in a file
       named /tmp/x509up_uUID. Command-line options and environment variables
       can modify the format, strength, lifetime, and location of the
       generated proxy certificate.

       X.509 proxy certificates are short-lived certificates, usually signed
       by a user's identity certificate or another proxy certificate. The key
       associated with a proxy certificate is unencrypted, so applications can
       authenticate using a proxy identity without providing a pass phrase.

       Proxy certificates provide a convenient alternative to constantly
       entering passwords, but are also less secure than the user's normal
       security credential. Therefore, they should always be user-readable
       only (this is enforced by the GSI libraries), and should be deleted
       after they are no longer needed.

       This version of grid-proxy-init supports three different proxy formats:
       the old proxy format used in early releases of the Globus Toolkit up to
       version 2.4.x, an IETF draft version of the X.509 Proxy Certificate
       profile used in Globus Toolkit 3.0.x and 3.2.x, and the RFC 3820 profile
       used in Globus Toolkit Version 4.0.x and 4.2.x. By default, this version
       of grid-proxy-init creates an RFC 3820 compliant proxy. To create a
       proxy compatible with older versions of the Globus Toolkit, use the
       -old or -draft command-line options.
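
       The following shell script is an added example, not part of the Grid
       Community Toolkit. It audits files matching the default x509up_uUID
       name for the handling rules above: readable by the owner only, and not
       left behind after use. The status names, the PROXY_DIR variable and the
       use of file age as a stand-in for certificate expiry are assumptions of
       this example.

```shell
#!/bin/sh
# Added example (not part of the toolkit): audit x509up_u<UID> proxy files.
# Status per file: OK, NOT_REGULAR, OWNER_MISMATCH, LOOSE_PERMS or STALE.

MAX_AGE_MIN=720   # the man page's default proxy lifetime of 12 hours

proxy_status() {
    f=$1
    # A symlink or non-regular file must never be accepted as a credential.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo NOT_REGULAR; return 0
    fi
    base=${f##*/}
    name_uid=${base#x509up_u}
    # ls -ldn prints: mode, link count, numeric owner UID, ...
    mode=$(ls -ldn -- "$f" | awk '{print $1}')
    owner=$(ls -ldn -- "$f" | awk '{print $3}')
    # The UID embedded in the file name must match the real owner.
    if [ "$owner" != "$name_uid" ]; then
        echo OWNER_MISMATCH; return 0
    fi
    # Characters 5-10 of the mode string are the group and other bits;
    # a file holding an unencrypted key must have none of them set.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo LOOSE_PERMS; return 0
    fi
    # Heuristic: older than the default lifetime, so probably left behind.
    if [ -n "$(find "$f" -mmin +"$MAX_AGE_MIN")" ]; then
        echo STALE; return 0
    fi
    echo OK
}

audit_proxies() {
    dir=$1
    for p in "$dir"/x509up_u*; do
        # Skip the unexpanded glob when nothing matches.
        [ -e "$p" ] || [ -L "$p" ] || continue
        printf '%s %s\n' "$(proxy_status "$p")" "$p"
    done
}

# PROXY_DIR is an assumed variable for this example; the default is /tmp.
audit_proxies "${PROXY_DIR:-/tmp}"
```

       A proxy created with a lifetime longer than the default is reported as
       STALE although it is still valid; grid-proxy-info(1) reports the actual
       expiry.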

OPTIONS

       The full set of command-line options to grid-proxy-init is:

       -help, -usage
           Display the command-line options to grid-proxy-init.

       -version
           Display the version number of the grid-proxy-init command.

       -debug
           Display information about the path to the certificate and key used
           to generate the proxy certificate, the path to the trusted
           certificate directory, and verbose error messages.

       -q
           Suppress all output from grid-proxy-init except for pass phrase
           prompts.

       -verify
           Perform certificate chain validity checks on the generated proxy.

       -valid HOURS:MINUTES, -hours HOURS
           Create a certificate that is valid for HOURS hours and MINUTES
           minutes. If not specified, the default of twelve hours is used.

       -cert CERTFILE, -key KEYFILE
           Create a proxy certificate signed by the certificate located in
           CERTFILE using the key located in KEYFILE. If not specified, the
           default certificate and key will be used. This overrides the values
           of environment variables described below.

       -certdir CERTDIR
           Search CERTDIR for trusted certificates if verifying the proxy
           certificate. If not specified, the default trusted certificate
           search path is used. This overrides the value of the X509_CERT_DIR
           environment variable.

       -out PROXYPATH
           Write the generated proxy certificate file to PROXYPATH instead of
           the default path of /tmp/x509up_uUID.

       -bits BITS
           When creating the proxy certificate, use a BITS bit key instead of
           the default 2048-bit keys.

       -policy POLICYFILE
           Add the certificate policy data described in POLICYFILE as the
           ProxyCertInfo X.509 extension to the generated proxy certificate.

       -pl POLICY-OID, -policy-language POLICY-OID
           Set the policy language identifier of the policy data specified by
           the -policy command-line option to the OID specified by the
           POLICY-OID string.

       -path-length MAXIMUM
           Set the maximum length of the chain of proxies that can be created
           by the generated proxy to MAXIMUM. If not set, the default of an
           unlimited proxy chain length is used.

       -pwstdin
           Read the private key's pass phrase from standard input instead of
           reading input from the controlling tty. This is useful when
           scripting grid-proxy-init.

       -limited
           Create a limited proxy. Limited proxies are generally refused by
           process-creating services, but may be used to authorize with other
           services.

       -independent
           Create an independent proxy. An independent proxy is not treated as
           an impersonation proxy but as a separate identity for authorization
           purposes.

       -draft
           Create an IETF draft proxy instead of the default RFC 3820-compliant
           proxy. This type of proxy uses a non-standard proxy policy
           identifier. This might be useful for authenticating with older
           versions of the Globus Toolkit.

       -old
           Create a legacy proxy instead of the default RFC 3820-compliant
           proxy. This type of proxy uses a non-standard method of indicating
           that the certificate is a proxy and whether it is limited. This
           might be useful for authenticating with older versions of the
           Globus Toolkit.

       -rfc
           Create an RFC 3820-compliant proxy certificate. This is the default
           for this version of grid-proxy-init.

EXAMPLES

       To create a proxy with the default lifetime and format, run the
       grid-proxy-init program with no arguments. For example:

           % grid-proxy-init
           Your identity: /DC=org/DC=example/CN=Joe User
           Enter GRID pass phrase for this identity: XXXXXXX
           Creating proxy .................................. Done
           Your proxy is valid until: Thu Mar 18 03:48:05 2010

       To create a stronger proxy that lasts for only 8 hours, use the -hours
       and -bits command-line options to grid-proxy-init. For example:

           % grid-proxy-init -hours 8 -bits 4096
           Your identity: /DC=org/DC=example/CN=Joe User
           Enter GRID pass phrase for this identity: XXXXXXX
           Creating proxy .................................. Done
           Your proxy is valid until: Thu Mar 17 23:48:05 2010

ENVIRONMENT

       The following environment variables affect the execution of
       grid-proxy-init:

       X509_USER_CERT
           Path to the certificate to use as issuer of the new proxy.

       X509_USER_KEY
           Path to the key to use to sign the new proxy.

       X509_CERT_DIR
           Path to the directory containing trusted certificates and signing
           policies.

FILES

       The following files affect the execution of grid-proxy-init:

       $HOME/.globus/usercert.pem
           Default path to the certificate to use as issuer of the new proxy.

       $HOME/.globus/userkey.pem
           Default path to the key to use to sign the new proxy.

SEE ALSO

       grid-proxy-destroy(1), grid-proxy-info(1)

AUTHOR

       Copyright © 1999-2014 University of Chicago

Grid Community Toolkit 6          03/31/2018                GRID-PROXY-INIT(1)