1myproxy-logon(1)                    MyProxy                   myproxy-logon(1)
2
3
4

NAME

6       myproxy-logon - retrieve a credential
7

SYNOPSIS

9       myproxy-logon [ options ]
10
11       myproxy-get-delegation [ options ]
12

DESCRIPTION

14       The  myproxy-logon  command  retrieves  a  proxy  credential  from  the
15       myproxy-server(8) that was previously stored using  myproxy-init(1)  or
16       myproxy-store(1).   It  can  also  be  used to retrieve short-lived end
17       entity credentials from a myproxy-server(8) configured to act as a Cer‐
18       tificate  Authority.   In the default mode, the command prompts for the
19       MyProxy pass phrase associated with the credential to be retrieved  and
20       stores  the  retrieved  credential  in  the  location  specified by the
21       X509_USER_PROXY environment  variable  or  /tmp/x509up_u<uid>  if  that
22       environment variable is not set.
23
24       The myproxy-logon command is also available under the name myproxy-get-
25       delegation for backward compatibility.
26

OPTIONS

28       -h, --help
29              Displays command usage text and exits.
30
31       -u, --usage
32              Displays command usage text and exits.
33
34       -v, --verbose
35              Enables verbose debugging output to the terminal.
36
37       -V, --version
38              Displays version information and exits.
39
40       -s hostname[:port], --pshost hostname[:port]
41              Specifies the hostname(s) of  the  myproxy-server(s).   Multiple
42              hostnames,  each  hostname optionally followed by a ':' and port
43              number, may be specified in a comma-separated list.  This option
44              is  required  if  the MYPROXY_SERVER environment variable is not
45              defined.  If specified, this option overrides the MYPROXY_SERVER
46              environment variable. If a port number is specified with a host‐
47              name,  it  will  override  the  -p  option  as   well   as   the
48              MYPROXY_SERVER_PORT environment variable for that host.
49
50       -p port, --psport port
51              Specifies   the   TCP  port  number  of  the  myproxy-server(8).
52              Default: 7512
53
54       -l, --username
55              Specifies the MyProxy account  under  which  the  credential  to
56              retrieve  is  stored.  By default, the command uses the value of
57              the LOGNAME environment variable.  Use this option to specify  a
58              different  account  username on the MyProxy server.  The MyProxy
59              username need not correspond to a real Unix username.
60
61       -d, --dn_as_username
62              Use the  certificate  subject  (DN)  as  the  default  username,
63              instead of the LOGNAME environment variable.  When used with the
64              -a option, the certificate subject of the authorization  creden‐
65              tial is used.  Otherwise, the certificate subject of the default
66              credential is used.
67
68       -t hours, --proxy_lifetime hours
69              Specifies  the  lifetime  of  credentials  retrieved  from   the
70              myproxy-server(8)  using  the  stored credential.  The resulting
71              lifetime is the shorter of the requested lifetime and the  life‐
72              time  specified  when  the  credential was stored using myproxy-
73              init(1).  Default: 12 hours
74
75       -o file, --out file
76              Specifies where the retrieved proxy credential should be stored.
77              If  this  option  is not specified, the proxy credential will be
78              stored in the location specified by the X509_USER_PROXY environ‐
79              ment variable or /tmp/x509up_u<uid> if that environment variable
80              is not set.  To write the credential to the  command's  standard
81              output rather than to a file, use -o -.
82
83       -a file, --authorization file
84              Use  this  option  to specify an existing, valid credential that
85              you want to renew.  Renewing a credential generally requires two
86              certificate-based  authentications.   The  client  authenticates
87              with its identity, using the credential in the standard location
88              or  specified  by  the  X509_USER_PROXY  or  X509_USER_CERT  and
89              X509_USER_KEY environment variables in addition to  authenticat‐
90              ing  with  the existing credential, in the location specified by
91              this option, that it wants to renew.
92
93       -k name, --credname name
94              Specifies the name of the credential that is to be retrieved  or
95              renewed.
96
97       -S, --stdin_pass
98              By  default,  the command prompts for a passphrase and reads the
99              passphrase from the active tty.  When running the  command  non-
100              interactively,  there may be no associated tty.  Specifying this
101              option tells the command to read passphrases from standard input
102              without prompts or confirmation.
103
104       -n, --no_passphrase
105              Don't prompt for a credential passphrase.  Use other methods for
106              authentication, such as Kerberos ticket  or  X.509  certificate.
107              This  option is implied by -a since passphrase authentication is
108              not used for credential renewal.
109
110       -T, --trustroots
111              Retrieve CA certificates directory from server (if available) to
112              store in the location specified by the X509_CERT_DIR environment
113              variable if set or /etc/grid-security/certificates if running as
114              root or ~/.globus/certificates if running as non-root.
115
116       -b, --bootstrap
117              Unless  this  option  is  specified,  then  if the X509_CERT_DIR
118              exists and the CA that signed the myproxy-server(8)  certificate
119              is  not  trusted, myproxy-logon will fail with an error, to pro‐
120              tect  against  man-in-the-middle  attacks.   If,  however,  this
121              option  is  specified, myproxy-logon will accept the CA to boot‐
122              strap trust.  This option implies -T.
123
124       -q, --quiet
125              Only write output messages on error.
126
127       -N, --no_credentials
128              Authenticate only.  Don't retrieve credentials.
129
130       -m voms, --voms voms
131              Add VOMS attributes to the credential by running voms-proxy-init
132              on  the  client-side  after  retrieving  the credential from the
133              myproxy-server(8).  The  VOMS  VO  name  must  be  provided,  as
134              required  by voms-proxy-init -voms.  The voms-proxy-init command
135              must also be installed and configured to use this  option.   For
136              example,  the  VOMS_USERCONF environment variable may need to be
137              set for voms-proxy-init to run correctly.
138

EXIT STATUS

140       0 on success, >0 on error
141

ENVIRONMENT

143       MYPROXY_SERVER
144              Specifies the hostname(s) where the  myproxy-server(8)  is  run‐
145              ning.  Multiple  hostnames can be specified in a comma separated
146              list with each hostname optionally followed by a  ':'  and  port
147              number.   This  environment variable can be used in place of the
148              -s option.
149
150       MYPROXY_SERVER_PORT
151              Specifies the port where the myproxy-server(8) is running.  This
152              environment variable can be used in place of the -p option.
153
154       MYPROXY_SERVER_DN
155              Specifies  the distinguished name (DN) of the myproxy-server(8).
156              All MyProxy client programs authenticate the server's  identity.
157              By  default,  MyProxy  servers run with host credentials, so the
158              MyProxy client programs expect the  server  to  have  a  distin‐
159              guished  name  with "/CN=host/<fqhn>" or "/CN=myproxy/<fqhn>" or
160              "/CN=<fqhn>" (where <fqhn> is the  fully-qualified  hostname  of
161              the  server).   If the server is running with some other DN, you
162              can set this environment variable to tell the MyProxy clients to
163              accept the alternative DN.
164
165       MYPROXY_TCP_PORT_RANGE
166              Specifies  a  range  of valid port numbers in the form "min,max"
167              for the client side of the network connection to the server.  By
168              default,  the  client will bind to any available port.  Use this
169              environment variable to restrict  the  ports  used  to  a  range
170              allowed  by  your  firewall.   If unset, MyProxy will follow the
171              setting of the GLOBUS_TCP_PORT_RANGE environment variable.
172
173       X509_USER_CERT
174              Specifies a non-standard location for the certificate to be used
175              for authentication to the myproxy-server(8).
176
177       X509_USER_KEY
178              Specifies a non-standard location for the private key to be used
179              for authentication to the myproxy-server(8).
180
181       X509_USER_PROXY
182              Specifies a non-standard location for the proxy credential to be
183              used  for  authentication to the myproxy-server(8).  Also speci‐
184              fies  the  output  location  for  the  proxy  credential  to  be
185              retrieved  from  the  myproxy-server(8)  unless the -o option is
186              given.
187
188       X509_CERT_DIR
189              Specifies a non-standard location for the CA certificates direc‐
190              tory.
191
192       MYPROXY_KEYBITS
193              Specifies  the  size  for  RSA  keys  generated  by MyProxy.  By
194              default, MyProxy generates 2048 bit RSA keys.  Set this environ‐
195              ment variable to "1024" for 1024 bit RSA keys.
196

AUTHORS

198       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.
199

SEE ALSO

201       myproxy-change-pass-phrase(1),  myproxy-destroy(1),  myproxy-get-trust‐
202       roots(1),   myproxy-info(1),   myproxy-init(1),    myproxy-retrieve(1),
203       myproxy-server.config(5),  myproxy-store(1),  myproxy-admin-adduser(8),
204       myproxy-admin-change-pass(8),         myproxy-admin-load-credential(8),
205       myproxy-admin-query(8), myproxy-server(8)
206
207
208
209MyProxy                           2010-09-09                  myproxy-logon(1)
Impressum