1APPROXY(1) NorduGrid Users Manual APPROXY(1)
2
3
4
6 arcproxy - ARC Credentials Proxy generation utility
7
9 arcproxy [OPTION]
10
12 arcproxy generates proxy credentials (general proxy certificate, or
13 proxy certificate with voms AC extenstion) from private key and cer‐
14 tificate of user.
15
17 -d level of information printed. Possible values are DEBUG, VER‐
18 BOSE, INFO, WARNING, ERROR and FATAL.
19
20 -P location of generated credentials proxy file
21
22 -C location of X509 certificate file
23
24 -K location of private key file
25
26 -T path to trusted certificate directory, only needed for voms
27 client functionality
28
29 -V path to voms server configuration file, only needed for voms
30 client functionality
31
32 -S voms<:command>. Specify voms server.
33 :command is optional, and is used to ask for spe‐
34 cific attributes(e.g: roles)
35 command option is:
36 all --- put all of this DN's attributes into AC;
37 list ---list all of the DN's attribute,will not
38 create AC extension;
39 /Role=yourRole --- specify the role, if this DN
40 has such a role, the role will be
41 put into AC
42 /voname/groupname/Role=yourRole --- specify the
43 vo,group and role if this DN
44 has such a role, the role will be
45 put into AC
46
47
48 -o group<:role>. Specify ordering of attributes.
49 Example: --order /knowarc.eu/coredev:Devel‐
50 oper,/knowarc.eu/testers:Tester
51 or: --order /knowarc.eu/coredev:Developer --order
52 /knowarc.eu/testers:Tester
53 Note that it does not make sense to specify the
54 order if you have two or more different voms server specified
55
56
57 -G use GSI communication protocol for contacting VOMS services
58
59
60 -O use GSI proxy (RFC 3820 compliant proxy is default)
61
62
63 -I print all information about this proxy.
64 In order to show the Identity (DN without CN as
65 subfix for proxy)
66 of the certificate, the 'trusted certdir' is
67 needed.
68
69
70 -r Remove the proxy file.
71
72
73 -U Username to myproxy server.
74
75
76 -L hostname of myproxy server optinally followed by colon and port
77 number, e.g.
78 example.org:7512. If the port number has not
79 been specified, 7512 is used by default.
80
81
82 -M command to myproxy server. The command can be PUT and GET.
83 PUT/put -- put a delegated credential to myproxy
84 server;
85 GET/get -- get a delegated credential from myproxy
86 server,
87 credential (certificate and key) is not needed in
88 this case;
89 myproxy functionality can be used together with
90 voms functionality.
91
92
93 -R Allow specified entity to retrieve credential without
94 passphrase.
95 This option is specific for the PUT command when
96 contacting Myproxy server.
97
98
99
100 -N don't prompt for a credential passphrase, when retrieve a cre‐
101 dential from on MyProxy server.
102 The precondition of this choice is the credential
103 is PUT onto
104 the MyProxy server without a passphrase by using
105 -R (--retrievable_by_cert)
106 option when being PUTing onto Myproxy server.
107 This option is specific for the GET command when
108 contacting Myproxy server.
109
110
111 -c constraints of proxy certificate. Currently following con‐
112 straints are supported:
113
114 validityStart=time - time when certificate becomes valid.
115 Default is now.
116
117 validityEnd=time - time when certificate becomes invalid.
118 Default is 43200 (12 hours) from start.
119
120 validityPeriod=time - for how long certificate is valid. Default
121 is 43200 (12 hours).
122
123 vomsACvalidityPeriod=time - for how long the AC is valid.
124 Default is the same as validityPeriod.
125
126 proxyPolicy=policy content - assigns specified string to proxy
127 prolicy to limit it's functionality.
128
129 -h prints short usage description
130
131 If not specified location of certificate, key and proxy will be taken
132 from content of environment variables X509_USER_CERT, X509_USER_KEY and
133 X509_USER_PROXY.
134
135
137 Report bugs to http://bugzilla.nordugrid.org/
138
139
141 ARC_LOCATION
142 The location where ARC is installed can be specified by this
143 variable. If not specified the install location will be deter‐
144 mined from the path to the command being executed, and if this
145 fails a WARNING will be given stating the location which will be
146 used.
147
148
149 ARC_PLUGIN_PATH
150 The location of ARC plugins can be specified by this variable.
151 Multiple locations can be specified by separating them by : (;
152 in Windows). The default location is $ARC_LOCATION/lib/arc (\ in
153 Windows).
154
155
157 APACHE LICENSE Version 2.0
158
159
161 /etc/vomses
162 Common file containing a list of selected VO contact point, one
163 VO per line, for example:
164
165 "gin" "kuiken.nikhef.nl" "15050" "/O=dutch‐
166 grid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl" "gin.ggf.org"
167
168 "nordugrid.org" "voms.uninett.no" "15015" "/O=Grid/O=Nor‐
169 duGrid/CN=host/voms.ndgf.org" "nordugrid.org"
170
171
172 ~/.voms/vomses
173 Same as /etc/vomses but located in user's home area. If exists,
174 has precedence over /etc/vomses
175
176 The order of the parsing of vomses location is:
177
178 1. command line options
179 2. $X509_VOMSES or $X509_VOMS_FILE
180 3. client configuration file ~/.arc/client.conf
181 4. ~/.voms/vomses
182 5. ~/.arc/vomses
183 6. /etc/grid-security/vomses
184 7. $ARC_LOCATION/etc/grid-security/vomses (this is for
185 Windows environment)
186
187
188 ~/.arc/client.conf
189 Some options can be given default values by specifying them in
190 the ARC client configuration file. By using the --conffile
191 option a different configuration file can be used than the
192 default.
193
194
196 Weizhong Qiang <weizhong.qiang@fys.uio.no>
197
198
200 arccat(1), arcclean(1), arccp(1), arcget(1), arcinfo(1), arckill(1),
201 arcls(1), arcmigrate(1), arcrenew(1), arcresub(1), arcresume(1),
202 arcrm(1), arcstat(1), arcsub(1), arcsync(1), arctest(1)
203
204
205
206
207NorduGrid ARC 1.1.0 2011-10-24 APPROXY(1)