1myproxy-admin-adduser(8)            MyProxy           myproxy-admin-adduser(8)
2
3
4

NAME

6       myproxy-admin-adduser - add a user or service credential
7

SYNOPSIS

9       myproxy-admin-adduser [ options ]
10
11       myproxy-admin-addservice [ options ]
12

DESCRIPTION

14       The  myproxy-admin-adduser and myproxy-admin-addservice commands create
15       a new credential for a user or service and load  it  into  the  MyProxy
16       repository.   They  are  perl(1)  scripts that run grid-cert-request (a
17       standard Grid Community Toolkit program)  and  grid-ca-sign  (from  the
18       Globus  Simple  CA  package)  to  create  the  credential  and then run
19       myproxy-admin-load-credential(8)  to  load  the  credential  into   the
20       MyProxy repository.
21
22       The  command prompts for the common name to be included in the new cer‐
23       tificate (if the -c argument is not specified), the  Globus  Simple  CA
24       key  password for signing the certificate, the MyProxy username (if the
25       -l or -d arguments are not specified), and the MyProxy  passphrase  for
26       the  credential.  Most of the command-line options for this command are
27       passed directly to the myproxy-admin-load-credential(8) command.
28
29       The grid-ca-sign program is not provided in the  MyProxy  distribution.
30       It must be installed separately, from the Globus Simple CA package.
31

OPTIONS

33       -h     Displays command usage text and exits.
34
35       -u     Displays command usage text and exits.
36
37       -v     Enables verbose debugging output to the terminal.
38
39       -c cn  Specifies  the  Common Name for the new credential (for example:
40              "Jim Basney").
41
42       -s dir Specifies the location of the credential storage directory.  The
43              directory  must  be  accessible  only  by  the  user running the
44              myproxy-server   process   for   security   reasons.    Default:
45              /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy
46
47       -l username
48              Specifies  the MyProxy account under which the credential should
49              be stored.
50
51       -t hours
52              Specifies the maximum lifetime of credentials retrieved from the
53              myproxy-server(8)  using  the  stored  credential.   Default: 12
54              hours
55
56       -p CA-password
57              Specifies the password for the CA's private key using the format
58              documented in the PASS PHRASE ARGUMENTS section of openssl(1).
59
60       -n     Disables  passphrase  authentication  for the stored credential.
61              If specified, the command will not prompt for a passphrase,  the
62              credential  will not be encrypted by a passphrase in the reposi‐
63              tory,  and  the  credential  will  not  be   retrievable   using
64              passphrase authentication with myproxy-logon(1).  This option is
65              used for storing renewable credentials and is implied by -R.
66
67       -d     Use the certificate subject (DN) as the username.
68
69       -a     Allow credentials to be retrieved with just pass phrase  authen‐
70              tication.  By default, only entities with credentials that match
71              the  myproxy-server.config(5)  default  retriever   policy   may
72              retrieve  credentials.   This  option  allows  entities  without
73              existing credentials to retrieve a credential using pass  phrase
74              authentication  by  including  "anonymous" in the set of allowed
75              retrievers.   The  myproxy-server.config(5)  server-wide  policy
76              must  also  allow "anonymous" clients for this option to have an
77              effect.
78
79       -A     Allow credentials to be renewed by any client.  Any client  with
80              a  valid  credential with a subject name that matches the stored
81              credential may retrieve a new credential from the MyProxy repos‐
82              itory  if  this option is given.  Since this effectively defeats
83              the purpose of proxy credential  lifetimes,  it  is  not  recom‐
84              mended.  It is included only for sake of completeness.
85
86       -r name
87              Allow  the  specified entity to retrieve credentials. See -x and
88              -X options for controlling name matching behavior.
89
90       -R name
91              Allow the specified entity to renew credentials. See -x  and  -X
92              options  for  controlling  name  matching behavior.  This option
93              implies -n since passphrase authentication is not used for  cre‐
94              dential renewal.
95
96       -Z name, --retrievable_by_cert name
97              Allow  the  specified  entity  to retrieve credentials without a
98              passphrase. See -x and -X options for controlling name  matching
99              behavior.  This option implies -n.
100
101       -x     Specifies  that names used with following options -r, -R, and -Z
102              will be matched against the  full  certificate  subject  distin‐
103              guished  name  (DN) according to REGULAR EXPRESSIONS in myproxy-
104              server.config(5).
105
106       -X     Specifies that names used with following options -r, -R, and  -Z
107              will be matched against the certificate subject common name (CN)
108              according to REGULAR  EXPRESSIONS  in  myproxy-server.config(5).
109              For  example,  if  an  argument of -r "Jim Basney" is specified,
110              then the resulting policy will be "*/CN=Jim  Basney".   This  is
111              the default behavior.
112
113       -k name
114              Specifies the credential name.
115
116       -K description
117              Specifies credential description.
118

EXIT STATUS

120       0 on success, >0 on error
121

AUTHORS

123       See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy
124       authors.
125

SEE ALSO

127       myproxy-change-pass-phrase(1),   myproxy-destroy(1),   myproxy-info(1),
128       myproxy-init(1),    myproxy-logon(1),   myproxy-retrieve(1),   myproxy-
129       store(1),    myproxy-server.config(5),    myproxy-admin-change-pass(8),
130       myproxy-admin-load-credential(8),    myproxy-admin-query(8),   myproxy-
131       server(8)
132
133
134
135MyProxy                           2011-09-05          myproxy-admin-adduser(8)
Impressum