myproxy-logon(1)                    MyProxy                   myproxy-logon(1)

NAME
       myproxy-logon - retrieve a credential

SYNOPSIS
       myproxy-logon [ options ]

       myproxy-get-delegation [ options ]

DESCRIPTION
       The myproxy-logon command retrieves a proxy credential from the
       myproxy-server(8) that was previously stored using myproxy-init(1) or
       myproxy-store(1). It can also be used to retrieve short-lived end
       entity credentials from a myproxy-server(8) configured to act as a
       Certificate Authority. In the default mode, the command prompts for
       the MyProxy pass phrase associated with the credential to be retrieved
       and stores the retrieved credential in the location specified by the
       X509_USER_PROXY environment variable or /tmp/x509up_u<uid> if that
       environment variable is not set.

       The myproxy-logon command is also available under the name
       myproxy-get-delegation for backward compatibility.

OPTIONS
       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies the hostname(s) of the myproxy-server(s). Multiple
              hostnames, each hostname optionally followed by a ':' and port
              number, may be specified in a comma-separated list. This option
              is required if the MYPROXY_SERVER environment variable is not
              defined. If specified, this option overrides the MYPROXY_SERVER
              environment variable. If a port number is specified with a
              hostname, it will override the -p option as well as the
              MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies the TCP port number of the myproxy-server(8).
              Default: 7512

       -l, --username
              Specifies the MyProxy account under which the credential to
              retrieve is stored. By default, the command uses the value of
              the LOGNAME environment variable. Use this option to specify a
              different account username on the MyProxy server. The MyProxy
              username need not correspond to a real Unix username.

       -d, --dn_as_username
              Use the certificate subject (DN) as the default username,
              instead of the LOGNAME environment variable. When used with the
              -a option, the certificate subject of the authorization
              credential is used. Otherwise, the certificate subject of the
              default credential is used.

       -t hours, --proxy_lifetime hours
              Specifies the lifetime of credentials retrieved from the
              myproxy-server(8) using the stored credential. The resulting
              lifetime is the shorter of the requested lifetime and the
              lifetime specified when the credential was stored using
              myproxy-init(1). Default: 12 hours

       -o file, --out file
              Specifies where the retrieved proxy credential should be stored.
              If this option is not specified, the proxy credential will be
              stored in the location specified by the X509_USER_PROXY
              environment variable or /tmp/x509up_u<uid> if that environment
              variable is not set. To write the credential to the command's
              standard output rather than to a file, use -o -.

       -a file, --authorization file
              Use this option to specify an existing, valid credential that
              you want to renew. Renewing a credential generally requires two
              certificate-based authentications. The client authenticates
              with its identity, using the credential in the standard location
              or specified by the X509_USER_PROXY or X509_USER_CERT and
              X509_USER_KEY environment variables in addition to
              authenticating with the existing credential, in the location
              specified by this option, that it wants to renew.

       -k name, --credname name
              Specifies the name of the credential that is to be retrieved or
              renewed.

       -S, --stdin_pass
              By default, the command prompts for a passphrase and reads the
              passphrase from the active tty. When running the command
              non-interactively, there may be no associated tty. Specifying
              this option tells the command to read passphrases from standard
              input without prompts or confirmation.

       -n, --no_passphrase
              Don't prompt for a credential passphrase. Use other methods for
              authentication, such as Kerberos ticket or X.509 certificate.
              This option is implied by -a since passphrase authentication is
              not used for credential renewal.

       -T, --trustroots
              Retrieve CA certificates directory from server (if available) to
              store in the location specified by the X509_CERT_DIR environment
              variable if set or /etc/grid-security/certificates if running as
              root or ~/.globus/certificates if running as non-root.

       -b, --bootstrap
              Unless this option is specified, then if the X509_CERT_DIR
              exists and the CA that signed the myproxy-server(8) certificate
              is not trusted, myproxy-logon will fail with an error, to
              protect against man-in-the-middle attacks. If, however, this
              option is specified, myproxy-logon will accept the CA to
              bootstrap trust. This option implies -T.

       -q, --quiet
              Only write output messages on error.

       -N, --no_credentials
              Authenticate only. Don't retrieve credentials.

       -m voms, --voms voms
              Add VOMS attributes to the credential by running voms-proxy-init
              on the client-side after retrieving the credential from the
              myproxy-server(8). The VOMS VO name must be provided, as
              required by voms-proxy-init -voms. The voms-proxy-init command
              must also be installed and configured to use this option. For
              example, the VOMS_USERCONF environment variable may need to be
              set for voms-proxy-init to run correctly.

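       An unattended retrieval that combines -S, -o and the trust roots
       location rule from -T, shown as an added example that is not part of
       the MyProxy distribution. The function names and the pass phrase file
       are assumptions; the wrapper refuses to run when the trust roots
       directory is missing or empty, because the untrusted-CA failure
       described under -b is conditioned on that directory existing.

```shell
#!/bin/sh
# Added example: preflight checks for a non-interactive myproxy-logon run.
# Function names and the pass phrase file are assumptions, not MyProxy APIs.

# Directory holding trusted CA certificates, per the -T description.
trustroots_dir() {
    if [ -n "${X509_CERT_DIR:-}" ]; then
        printf '%s\n' "$X509_CERT_DIR"
    elif [ "$(id -u)" -eq 0 ]; then
        printf '%s\n' /etc/grid-security/certificates
    else
        printf '%s\n' "$HOME/.globus/certificates"
    fi
}

# Succeeds only if that directory exists and is non-empty, so an untrusted
# server CA produces the error described under -b.
trustroots_ready() {
    dir=$(trustroots_dir)
    [ -d "$dir" ] && [ -n "$(ls -A "$dir" 2>/dev/null)" ]
}

# Succeeds only if the pass phrase file is a regular file with no group or
# other permission bits set (characters 5-10 of the ls mode string).
passfile_private() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Retrieve a credential without a tty: pass phrase on stdin (-S), explicit
# output path (-o), and no -b. Arguments: server, username, passfile, outfile.
logon_unattended() {
    trustroots_ready || {
        echo "trust roots missing or empty: $(trustroots_dir)" >&2; return 2; }
    passfile_private "$3" || {
        echo "pass phrase file is not private: $3" >&2; return 3; }
    ( umask 077; myproxy-logon -s "$1" -l "$2" -S -o "$4" < "$3" )
}
```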
EXIT STATUS
       0 on success, >0 on error

ENVIRONMENT
       MYPROXY_SERVER
              Specifies the hostname(s) where the myproxy-server(8) is
              running. Multiple hostnames can be specified in a comma
              separated list with each hostname optionally followed by a ':'
              and port number. This environment variable can be used in place
              of the -s option.

       MYPROXY_SERVER_PORT
              Specifies the port where the myproxy-server(8) is running. This
              environment variable can be used in place of the -p option.

       MYPROXY_SERVER_DN
              Specifies the distinguished name (DN) of the myproxy-server(8).
              All MyProxy client programs authenticate the server's identity.
              By default, MyProxy servers run with host credentials, so the
              MyProxy client programs expect the server to have a
              distinguished name with "/CN=host/<fqhn>" or
              "/CN=myproxy/<fqhn>" or "/CN=<fqhn>" (where <fqhn> is the
              fully-qualified hostname of the server). If the server is
              running with some other DN, you can set this environment
              variable to tell the MyProxy clients to accept the alternative
              DN.

       MYPROXY_TCP_PORT_RANGE
              Specifies a range of valid port numbers in the form "min,max"
              for the client side of the network connection to the server. By
              default, the client will bind to any available port. Use this
              environment variable to restrict the ports used to a range
              allowed by your firewall. If unset, MyProxy will follow the
              setting of the GLOBUS_TCP_PORT_RANGE environment variable.

       X509_USER_CERT
              Specifies a non-standard location for the certificate to be used
              for authentication to the myproxy-server(8).

       X509_USER_KEY
              Specifies a non-standard location for the private key to be used
              for authentication to the myproxy-server(8).

       X509_USER_PROXY
              Specifies a non-standard location for the proxy credential to be
              used for authentication to the myproxy-server(8). Also
              specifies the output location for the proxy credential to be
              retrieved from the myproxy-server(8) unless the -o option is
              given.

       X509_CERT_DIR
              Specifies a non-standard location for the CA certificates
              directory.

       MYPROXY_KEYBITS
              Specifies the size for RSA keys generated by MyProxy. By
              default, MyProxy generates 2048 bit RSA keys. Set this
              environment variable to "1024" for 1024 bit RSA keys.

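       How the -s and -p options combine with MYPROXY_SERVER,
       MYPROXY_SERVER_PORT and MYPROXY_SERVER_DN, as an added shell example
       (not MyProxy code) for auditing which endpoint and server identity a
       given environment selects. Function names are hypothetical; it assumes
       -p takes precedence over MYPROXY_SERVER_PORT, that the default CN forms
       are the last component of the subject DN, and that a set
       MYPROXY_SERVER_DN must match exactly.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not MyProxy interfaces.

# resolve_servers S_OPT P_OPT -> one "host port" line per server.
# -s overrides MYPROXY_SERVER; host:port overrides -p and MYPROXY_SERVER_PORT
# for that host. Assumption: -p takes precedence over MYPROXY_SERVER_PORT.
resolve_servers() {
    list=${1:-${MYPROXY_SERVER:-}}
    fallback=${2:-${MYPROXY_SERVER_PORT:-7512}}
    [ -n "$list" ] || { echo "need -s or MYPROXY_SERVER" >&2; return 1; }
    old_ifs=$IFS; IFS=,; set -f
    set -- $list                      # split the comma-separated list
    set +f; IFS=$old_ifs
    for entry in "$@"; do
        case $entry in
            *:*) host=${entry%%:*} port=${entry##*:} ;;
            *)   host=$entry port=$fallback ;;
        esac
        case $port in
            ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        [ -n "$host" ] || { echo "empty hostname in '$entry'" >&2; return 1; }
        printf '%s %s\n' "$host" "$port"
    done
}

# server_dn_accepted FQHN SUBJECT_DN
# Succeeds if SUBJECT_DN is the DN a client would expect from that host:
# MYPROXY_SERVER_DN when set (assumed exact match), otherwise one of the
# three default CN forms (assumed to be the final DN component).
server_dn_accepted() {
    if [ -n "${MYPROXY_SERVER_DN:-}" ]; then
        if [ "$2" = "$MYPROXY_SERVER_DN" ]; then return 0; else return 1; fi
    fi
    case $2 in
        */CN=host/"$1"|*/CN=myproxy/"$1"|*/CN="$1") return 0 ;;
    esac
    return 1
}
```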
AUTHORS
       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.

SEE ALSO
       myproxy-change-pass-phrase(1), myproxy-destroy(1),
       myproxy-get-trustroots(1), myproxy-info(1), myproxy-init(1),
       myproxy-retrieve(1), myproxy-server.config(5), myproxy-store(1),
       myproxy-admin-adduser(8), myproxy-admin-change-pass(8),
       myproxy-admin-load-credential(8), myproxy-admin-query(8),
       myproxy-server(8)

MyProxy                            2010-09-09                 myproxy-logon(1)