VOMS-PROXY-FAKE(1) VOMS-PROXY-FAKE(1)

voms-proxy-fake - create a proxy with VOMS extensions

voms-proxy-fake [options]

voms-proxy-fake generates a proxy containing arbitrary attributes
without contacting the VOMS server.

Options may be specified with either a "-" or a "--" prefix.

-help Displays usage.

-version Displays version.

-debug Enables extra debug output.

-q Quiet mode, minimal output.

-verify Verifies certificate to make proxy for.

-pwstdin Allows passphrase from stdin.

-limited Creates a limited proxy.

-hours H Proxy is valid for H hours (default:12).

-vomslife H Tries to get an AC with information valid for H hours. The
default is "as long as the proxy certificate". The special value 0
means as long as the server will allow.

-bits B Number of bits in key {0|512|1024|2048|4096}. 0 is a special
value which means: same number of bits as in the issuing certificate.

-cert certfile Non-standard location of user certificate

-key keyfile Non-standard location of user key

-certdir certdir Location of trusted certificates dir

-out proxyfile Location of new proxy cert

-voms voms[:command] Specifies the fake VOMS server that will appear
in the attribute certificate. command is ignored and is present for
compatibility with voms-proxy-init.

-include file Includes file in the certificate (in a non-critical
extension).

-conf file Read options from file.

-policy The file containing the policy expression.

-policy-language pl The language in which the policy is expressed.
Default is IMPERSONATION_PROXY.

-path-length Maximum depth of proxy certificate that can be signed
from this.

-globus version Underlying Globus version.

-proxyver Version of the proxy certificate to create. May be 2 or 3.
The default value depends on the underlying Globus version.

-separate file Saves the VOMS credential in file file.

-hostcert file The cert that will be used to sign the AC.

-hostkey file The key that will be used to sign the AC.

-fqan file The string that will be included in the AC as the granted
FQAN.

-newformat

This forces the server to generate ACs in the new (correct) format.
This is meant as a compatibility feature to ease migration while the
servers upgrade to the new version.

-newsubject newdn

The created proxy will have newdn as subject rather than what it would
normally have depending on the specific version of proxy created.
Non-printable characters may be specified via the '\XX' encoding, where
XX are two hexadecimal characters.

-newissuer newdn

The created proxy will have newdn as issuer rather than what it would
normally have depending on the specific version of proxy created.
Non-printable characters may be specified via the '\XX' encoding, where
XX are two hexadecimal characters.

-newserial newserial

The created proxy will have newserial as its serial number. The new
serial number must be specified as a hex representation. Any
length is possible. If this option is not specified, voms-proxy-fake
will choose the serial number.

-pastac timespec

The created AC will have its validity start in the past, as specified
by timespec.

The format of timespec is one of: seconds, hours:minutes,
hours:minutes:seconds

-pastproxy timespec

The created proxy will have its validity start in the past, as specified
by timespec.

The format of timespec is one of: seconds, hours:minutes,
hours:minutes:seconds

-nscert bit,...,bit

The created proxy will have the specified bits in the Netscape
Certificate Extension. Acceptable values for bit are: client, server, email,
objsign, sslCA, emailCA, objCA. The default is not to have this
extension.

-extkeyusage bit,...,bit

The created proxy will have the specified bits in the Extended Key
Usage Extension. Acceptable values for bit are: serverAuth, clientAuth,
codeSigning, emailProtection, timeStamping, msCodeInd, msCodeCom,
msCTLSign, msSGC, msEFS, nsSGC, deltaCRL. The default is not to
have this extension.

-keyusage bit,...,bit

The created proxy will have the specified bits in the Key Usage
Extension. Acceptable values for bit are: digitalSignature, nonRepudiation,
keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
encipherOnly, decipherOnly. The default is to copy this extension
from the issuer certificate while removing the keyCertSign and
nonRepudiation bits if present.

-selfsigned

The created certificate will be a self-signed certificate and have a
CA=true bit in the Basic Constraints extension.

-extension oid[/criticality]value

This option allows additional extensions to be specified for the
created certificate.

oid is the Object Identifier of the extension. Any OID may be used
even if it is not already known in advance. This must always be
specified. There is no default.

criticality specifies whether the extension is critical or not, and it
must be either true or false. If absent, it defaults to false.

value is the value of the extension. It is composed of two subfields,
type and content. type is a single character, and specifies how the
content is interpreted. ':' means that content is a text string to be
included as is. '~' means that content is a hex representation of the
string. '+' means that content is the name of a file which will contain
the actual data.

-acextension oid[/criticality]value

This option allows additional extensions to be specified for the
created attribute certificate.

oid is the Object Identifier of the extension. Any OID may be used
even if it is not already known in advance. This must always be
specified. There is no default.

criticality specifies whether the extension is critical or not, and it
must be either true or false. If absent, it defaults to false.

value is the value of the extension. It is composed of two subfields,
type and content. type is a single character, and specifies how the
content is interpreted. ':' means that content is a text string to be
included as is. '~' means that content is a hex representation of the
string. '+' means that content is the name of a file which will contain
the actual data.
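
The oid[/criticality]value syntax shared by -extension and -acextension can be validated before a test fixture is generated. The Python parser below is an added example, not code from voms-proxy-fake; it assumes dotted-decimal OIDs, and parse_extension_spec, ExtensionSpec and the sample OID are hypothetical names and constructed values.

```python
import re
from dataclasses import dataclass

# Type characters documented for the value subfield.
TYPES = {":": "text", "~": "hex", "+": "file"}

# Assumption: the OID is given in dotted-decimal form (not stated on the man page).
SPEC = re.compile(
    r"^(?P<oid>\d+(?:\.\d+)+)"            # oid: mandatory, no default
    r"(?:/(?P<crit>[^:~+]*))?"            # optional /criticality
    r"(?P<type>[:~+])(?P<content>.*)$",   # type character, then content
    re.DOTALL,
)

@dataclass
class ExtensionSpec:                      # hypothetical name
    oid: str
    critical: bool
    kind: str                             # "text", "hex" or "file"
    data: bytes                           # content bytes, or file name if kind == "file"

def parse_extension_spec(spec: str) -> ExtensionSpec:
    """Split one oid[/criticality]value argument into its documented parts."""
    m = SPEC.match(spec)
    if m is None:
        raise ValueError(f"expected oid[/criticality]value, got {spec!r}")
    crit = m.group("crit")
    if crit is None:
        critical = False                  # documented default when absent
    elif crit in ("true", "false"):
        critical = crit == "true"
    else:
        raise ValueError(f"criticality must be true or false, got {crit!r}")
    kind, content = TYPES[m.group("type")], m.group("content")
    if kind == "hex":
        try:
            data = bytes.fromhex(content)  # '~': hex representation of the string
        except ValueError as exc:
            raise ValueError(f"invalid hex content {content!r}") from exc
    else:
        data = content.encode()           # ':' literal text, '+' file name (not read here)
    return ExtensionSpec(m.group("oid"), critical, kind, data)

if __name__ == "__main__":
    # Constructed sample arguments; 1.3.6.1.4.1.99999.1 is a placeholder OID.
    for arg in ("1.3.6.1.4.1.99999.1/true:test-value",
                "1.3.6.1.4.1.99999.1~74657374",
                "1.3.6.1.4.1.99999.1+ext.der"):
        print(parse_extension_spec(arg))
```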

-ga id = value [(qualifier)]

This option adds the specified generic attribute to the generated AC.
Please note that spaces before and after the '=' char are swallowed in
the command line.

-voinfo file

The file file contains information for additional ACs that should be
included in the created proxy. ACs specified via the -voinfo option
shall be added before ACs specified via the command line options.

The format of the file is the following:

[voname]
parameter=value
parameter=value
...

EGEE Bug Tracking Tool: https://savannah.cern.ch/projects/jra1mdw/

voms-proxy-fake(1), voms-proxy-init(1), voms-proxy-info(1),
voms-proxy-destroy(1)

EDT Auth Home page: http://grid-auth.infn.it

CVSweb: http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms

RPM repository: http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3

Vincenzo Ciaschini <Vincenzo.Ciaschini@cnaf.infn.it>.

Valerio Venturi <Valerio.Venturi@cnaf.infn.it>.

Copyright (c) Members of the EGEE Collaboration. 2004. See the
beneficiaries list for details on the copyright holders.

Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at

www.apache.org/licenses/LICENSE-2.0: http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

VOMS-PROXY-FAKE(1)