myproxy-retrieve(1)                 MyProxy                myproxy-retrieve(1)

NAME

       myproxy-retrieve - retrieve an end-entity credential

SYNOPSIS

       myproxy-retrieve [ options ]

DESCRIPTION

       The myproxy-retrieve command retrieves a credential directly from the
       myproxy-server(8) that was previously stored using myproxy-init(1) or
       myproxy-store(1).  Unlike myproxy-logon(1), this command transfers the
       private key in the repository over the network (over a private
       channel).  To obtain a proxy credential, we recommend using
       myproxy-logon(1) instead.

       In the default mode, the command prompts for the pass phrase associated
       with the credential to be retrieved and stores the retrieved credential
       in the standard location (~/.globus/usercert.pem and
       ~/.globus/userkey.pem).  You could then run grid-proxy-init to create a
       proxy credential from the retrieved credentials.

OPTIONS

       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies the hostname(s) of the myproxy-server(s).  Multiple
              hostnames, each hostname optionally followed by a ':' and port
              number, may be specified in a comma-separated list.  This option
              is required if the MYPROXY_SERVER environment variable is not
              defined.  If specified, this option overrides the MYPROXY_SERVER
              environment variable.  If a port number is specified with a
              hostname, it will override the -p option as well as the
              MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies the TCP port number of the myproxy-server(8).
              Default: 7512

       -l, --username
              Specifies the MyProxy account under which the credential to
              retrieve is stored.  By default, the command uses the value of
              the LOGNAME environment variable.  Use this option to specify a
              different account username on the MyProxy server.  The MyProxy
              username need not correspond to a real Unix username.

       -d, --dn_as_username
              Use the certificate subject (DN) as the default username,
              instead of the LOGNAME environment variable.  When used with the
              -a option, the certificate subject of the authorization
              credential is used.  Otherwise, the certificate subject of the
              default credential is used.

       -t hours, --proxy_lifetime hours
              Specifies the lifetime of credentials retrieved from the
              myproxy-server(8) using the stored credential.  The resulting
              lifetime is the shorter of the requested lifetime and the
              lifetime specified when the credential was stored using
              myproxy-init(1).  Default: 12 hours

       -c filename, --certfile filename
              Specifies the file in which the certificate will be stored.

       -y filename, --keyfile filename
              Specifies the file in which the private key will be stored.

       -a file, --authorization file
              Use this option to specify an existing, valid credential that
              you want to renew.  Renewing a credential generally requires two
              certificate-based authentications.  The client authenticates
              with its identity, using the credential in the standard location
              or the one specified by X509_USER_PROXY or by X509_USER_CERT and
              X509_USER_KEY, in addition to authenticating with the existing
              credential that it wants to renew, in the location specified by
              this option.

       -k name, --credname name
              Specifies the name of the credential that is to be retrieved or
              renewed.

       -S, --stdin_pass
              By default, the command prompts for a passphrase and reads the
              passphrase from the active tty.  When running the command
              non-interactively, there may be no associated tty.  Specifying
              this option tells the command to read passphrases from standard
              input without prompts or confirmation.

       -T, --trustroots
              Retrieves the CA certificates directory from the server (if
              available) and stores it in the location specified by the
              X509_CERT_DIR environment variable if set, otherwise in
              /etc/grid-security/certificates when running as root or in
              ~/.globus/certificates when running as non-root.

       -n, --no_passphrase
              Don't prompt for a credential passphrase.  Use other methods for
              authentication, such as a Kerberos ticket or an X.509
              certificate.
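
       Added example (not part of the MyProxy distribution): a POSIX shell
       wrapper for the non-interactive case described under -S.  It passes the
       pass phrase on standard input and then confirms that the retrieved
       private key is accessible only to its owner.  The MYPROXY_RETRIEVE_BIN
       variable and both function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not MyProxy code. Uses only the documented -S, -s, -l, -c and
# -y options. MYPROXY_RETRIEVE_BIN (hypothetical) lets a site pin the client
# binary by absolute path instead of relying on PATH lookup.

: "${MYPROXY_RETRIEVE_BIN:=myproxy-retrieve}"

# Succeeds only if the path is a regular file (not a symlink) whose mode
# grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        -r[w-][x-]------) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: retrieve_credential SERVER USERNAME CERTFILE KEYFILE < passphrase
# The pass phrase arrives on standard input (-S), so it never appears in the
# argument list or the environment of the client process.
retrieve_credential() {
    server=$1 user=$2 cert=$3 key=$4
    if [ -L "$key" ]; then
        echo "refusing to write key through symlink: $key" >&2
        return 2
    fi
    (
        umask 077   # any file the client creates is owner-only
        "$MYPROXY_RETRIEVE_BIN" -S -s "$server" -l "$user" -c "$cert" -y "$key"
    ) || return 1
    if ! key_is_private "$key"; then
        echo "key file is accessible to others, removing: $key" >&2
        rm -f "$key"
        return 3
    fi
}
```

       Return codes 2 and 3 are this wrapper's own; 1 means the client itself
       reported an error.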

EXIT STATUS

       0 on success, >0 on error

ENVIRONMENT

       MYPROXY_SERVER
              Specifies the hostname(s) where the myproxy-server(8) is
              running.  Multiple hostnames can be specified in a
              comma-separated list with each hostname optionally followed by a
              ':' and port number.  This environment variable can be used in
              place of the -s option.

       MYPROXY_SERVER_PORT
              Specifies the port where the myproxy-server(8) is running.  This
              environment variable can be used in place of the -p option.

       MYPROXY_SERVER_DN
              Specifies the distinguished name (DN) of the myproxy-server(8).
              All MyProxy client programs authenticate the server's identity.
              By default, MyProxy servers run with host credentials, so the
              MyProxy client programs expect the server to have a
              distinguished name with "/CN=host/<fqhn>" or
              "/CN=myproxy/<fqhn>" or "/CN=<fqhn>" (where <fqhn> is the
              fully-qualified hostname of the server).  If the server is
              running with some other DN, you can set this environment
              variable to tell the MyProxy clients to accept the alternative
              DN.

       MYPROXY_TCP_PORT_RANGE
              Specifies a range of valid port numbers in the form "min,max"
              for the client side of the network connection to the server.  By
              default, the client will bind to any available port.  Use this
              environment variable to restrict the ports used to a range
              allowed by your firewall.  If unset, MyProxy will follow the
              setting of the GLOBUS_TCP_PORT_RANGE environment variable.

       X509_USER_CERT
              Specifies a non-standard location for the certificate to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location where the retrieved certificate will be stored unless
              the -c option is given.

       X509_USER_KEY
              Specifies a non-standard location for the private key to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location where the retrieved private key will be stored unless
              the -y option is given.

       X509_USER_PROXY
              Specifies a non-standard location for the proxy credential to be
              used for authentication to the myproxy-server(8).

       X509_CERT_DIR
              Specifies a non-standard location for the CA certificates
              directory.
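
       Added example (not part of the MyProxy distribution): a POSIX shell
       function that lists the connections the client would attempt, for
       checking firewall rules against the -s, -p, MYPROXY_SERVER,
       MYPROXY_SERVER_PORT and MYPROXY_TCP_PORT_RANGE settings described
       above.  The function names and output format are assumptions, as is -p
       taking precedence over MYPROXY_SERVER_PORT.

```shell
#!/bin/sh
# Added example, not MyProxy code: print one "host dest_port source_ports"
# line per server the client would contact, applying the precedence documented
# for -s, -p and the ENVIRONMENT variables. Assumptions: function names, output
# format, -p winning over MYPROXY_SERVER_PORT, host names without ':' (no IPv6).
# Usage: myproxy_flows [VALUE_OF_-s] [VALUE_OF_-p]

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

myproxy_flows() {
    servers=${1:-${MYPROXY_SERVER:-}}                # -s overrides the variable
    default_port=${2:-${MYPROXY_SERVER_PORT:-7512}}  # documented default: 7512
    range=${MYPROXY_TCP_PORT_RANGE:-${GLOBUS_TCP_PORT_RANGE:-}}
    if [ -z "$servers" ]; then
        echo "no server: give -s or set MYPROXY_SERVER" >&2; return 1
    fi
    src=any                                          # default: any free port
    if [ -n "$range" ]; then
        min=${range%%,*}; max=${range#*,}
        case "$range" in *,*) ;; *) max= ;; esac     # a comma is required
        if ! is_port "$min" || ! is_port "$max" || [ "$min" -gt "$max" ]; then
            echo "bad port range '$range' (want min,max)" >&2; return 1
        fi
        src=$min-$max
    fi
    rest=$servers
    while [ -n "$rest" ]; do
        entry=${rest%%,*}
        case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        case "$entry" in
            *:*) host=${entry%%:*}; port=${entry#*:} ;;  # per-host port wins
            *)   host=$entry; port=$default_port ;;
        esac
        if [ -z "$host" ] || ! is_port "$port"; then
            echo "bad server entry '$entry'" >&2; return 1
        fi
        printf '%s %s %s\n' "$host" "$port" "$src"
    done
}
```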

AUTHORS

       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.

SEE ALSO

       myproxy-change-pass-phrase(1), myproxy-destroy(1),
       myproxy-get-trustroots(1), myproxy-info(1), myproxy-init(1),
       myproxy-logon(1), myproxy-store(1), myproxy-server.config(5),
       myproxy-admin-adduser(8), myproxy-admin-change-pass(8),
       myproxy-admin-load-credential(8), myproxy-admin-query(8),
       myproxy-server(8)

MyProxy                            2009-12-1               myproxy-retrieve(1)