1myproxy-store(1)                    MyProxy                   myproxy-store(1)
2
3
4

NAME

6       myproxy-store - store end-entity credential for later retrieval
7

SYNOPSIS

9       myproxy-store [ options ]
10

DESCRIPTION

12       The  myproxy-store  command uploads a credential to a myproxy-server(8)
13       for later retrieval.  The user must have a valid  proxy  credential  as
14       generated by grid-proxy-init or retrieved by myproxy-logon(1) when run‐
15       ning this command.  Unlike myproxy-init(1), this command transfers  the
16       private  key over the network (over a private channel).  In the default
17       mode,   the   command   will   take   the    credentials    found    in
18       ~/.globus/usercert.pem  and ~/.globus/userkey.pem and store them in the
19       myproxy-server(8) repository.  Proxy credentials with default  lifetime
20       of 12 hours can then be retrieved by myproxy-logon(1) using the creden‐
21       tial passphrase.  The default behavior can  be  overridden  by  options
22       specified below.
23
24       The  hostname  where the myproxy-server(8) is running must be specified
25       by either defining the MYPROXY_SERVER environment variable  or  the  -s
26       option.
27

OPTIONS

29       -h, --help
30              Displays command usage text and exits.
31
32       -u, --usage
33              Displays command usage text and exits.
34
35       -v, --verbose
36              Enables verbose debugging output to the terminal.
37
38       -V, --version
39              Displays version information and exits.
40
41       -s hostname[:port], --pshost hostname[:port]
42              Specifies  the  hostname(s)  of the myproxy-server(s).  Multiple
43              hostnames, each hostname optionally followed by a ':'  and  port
44              number, may be specified in a comma-separated list.  This option
45              is required if the MYPROXY_SERVER environment  variable  is  not
46              defined.  If specified, this option overrides the MYPROXY_SERVER
47              environment variable. If a port number is specified with a host‐
48              name,   it   will   override  the  -p  option  as  well  as  the
49              MYPROXY_SERVER_PORT environment variable for that host.
50
51       -p port, --psport port
52              Specifies  the  TCP  port  number  of   the   myproxy-server(8).
53              Default:   7512   If   specified,   this  option  overrides  the
54              MYPROXY_SERVER_PORT environment variable.
55
56       -l, --username
57              Specifies the MyProxy account under which the credential  should
58              be  stored.   By default, the command uses the value of the LOG‐
59              NAME environment variable.  Use this option to specify a differ‐
60              ent  account  username on the MyProxy server.  The MyProxy user‐
61              name need not correspond to a real Unix username.
62
63       -c filename, --certfile filename
64              Specifies  the  filename  of  the source certificate.
65
66       -y filename, --keyfile filename
67              Specifies the filename of the source private key.
68
69       -t hours, --proxy_lifetime hours
70              Specifies the maximum lifetime of credentials retrieved from the
71              myproxy-server(8)  using  the  stored  credential.   Default: 12
72              hours
73
74       -d, --dn_as_username
75              Use the  certificate  subject  (DN)  as  the  default  username,
76              instead of the LOGNAME environment variable.
77
78       -a, --allow_anonymous_retrievers
79              Allow  credentials to be retrieved with just pass phrase authen‐
80              tication.  By default, only entities with credentials that match
81              the   myproxy-server.config(5)   default  retriever  policy  may
82              retrieve  credentials.   This  option  allows  entities  without
83              existing  credentials to retrieve a credential using pass phrase
84              authentication by including "anonymous" in the  set  of  allowed
85              retrievers.   The  myproxy-server.config(5)  server-wide  policy
86              must also allow "anonymous" clients for this option to  have  an
87              effect.
88
89       -A, --allow_anonymous_renewers
90              Allow  credentials to be renewed by any client.  Any client with
91              a valid credential with a subject name that matches  the  stored
92              credential may retrieve a new credential from the MyProxy repos‐
93              itory if this option is given.  Since this  effectively  defeats
94              the  purpose  of  proxy  credential  lifetimes, it is not recom‐
95              mended.  It is included only for sake of completeness.
96
97       -r dn, --retrievable_by dn
98              Allow the specified entity to retrieve credentials.  By default,
99              the argument will be matched against the common name (CN) of the
100              client (for example: "Jim  Basney").   Specify  -x  before  this
101              option  to  match  against the full distinguished name (DN) (for
102              example: "/C=US/O=National Computational Science Alliance/CN=Jim
103              Basney")  or  a  regular expression (for example: "*/CN=Jim Bas‐
104              ney|*/CN=James Basney").
105
106       -E dn, --retrieve_key dn
107              Allow the specified entity to retrieve  end-entity  credentials.
108              By default, the argument will be matched against the common name
109              (CN) of the client (for  example:  "Jim  Basney").   Specify  -x
110              before  this option to match against the full distinguished name
111              (DN)  (for  example:  "/C=US/O=National  Computational   Science
112              Alliance/CN=Jim  Basney")  or a regular expression (for example:
113              "*/CN=Jim Basney|*/CN=James Basney").
114
115       -R dn, --renewable_by dn
116              Allow the specified entity to renew  credentials.   By  default,
117              the argument will be matched against the common name (CN) of the
118              client (for example: "condorg/modi4.ncsa.uiuc.edu").  Specify -x
119              before  this option to match against the full distinguished name
120              (DN)  (for  example:  "/C=US/O=National  Computational   Science
121              Alliance/CN=condorg/modi4.ncsa.uiuc.edu")  or  a regular expres‐
122              sion                        (for                        example:
123              "*/CN=server1.ncsa.uiuc.edu|*/CN=server2.ncsa.uiuc.edu").
124
125       -Z dn, --retrievable_by_cert dn
126              Allow  the  specified  entity  to retrieve credentials without a
127              passphrase.  By default, the argument will  be  matched  against
128              the  common name (CN) of the client (for example: "Jim Basney").
129              Specify -x before this option to match against the full  distin‐
130              guished  name (DN) (for example: "/C=US/O=National Computational
131              Science Alliance/CN=Jim Basney") or a  regular  expression  (for
132              example: "*/CN=Jim Basney|*/CN=James Basney").
133
134       -x, --regex_dn_match
135              Specifies  that the DN used by options -r and -R will be matched
136              as a regular expression.
137
138       -X, --match_cn_only
139              Specifies that the DN used by options -r and -R will be  matched
140              against the Common Name (CN) of the subject.
141
142       -k name, --credname name
143              Specifies the credential name.
144
145       -K description, --creddesc description
146              Specifies credential description.
147
148
149       EXIT STATUS
150              0 on success, >0 on error
151

FILES

153       ~/.globus/usercert.pem
154              Default location of the certificate to be stored on the myproxy-
155              server.  Use the --certfile option to override.
156
157       ~/.globus/userkey.pem
158              Default location of the private key to be stored on the myproxy-
159              server.  Use the --keyfile option to override.
160
161       -T, --trustroots
162              Retrieve CA certificates directory from server (if available) to
163              store in the location specified by the X509_CERT_DIR environment
164              variable if set or /etc/grid-security/certificates if running as
165              root or ~/.globus/certificates if running as non-root.
166

ENVIRONMENT

168       MYPROXY_SERVER
169              Specifies the hostname(s) where the  myproxy-server(8)  is  run‐
170              ning.  Multiple  hostnames can be specified in a comma separated
171              list with each hostname optionally followed by a  ':'  and  port
172              number.   This  environment variable can be used in place of the
173              -s option.
174
175       MYPROXY_SERVER_PORT
176              Specifies the port where the myproxy-server(8) is running.  This
177              environment variable can be used in place of the -p option.
178
179       MYPROXY_SERVER_DN
180              Specifies  the distinguished name (DN) of the myproxy-server(8).
181              All MyProxy client programs authenticate the server's  identity.
182              By  default,  MyProxy  servers run with host credentials, so the
183              MyProxy client programs expect the  server  to  have  a  distin‐
184              guished  name  with "/CN=host/<fqhn>" or "/CN=myproxy/<fqhn>" or
185              "/CN=<fqhn>" (where <fqhn> is the  fully-qualified  hostname  of
186              the  server).   If the server is running with some other DN, you
187              can set this environment variable to tell the MyProxy clients to
188              accept the alternative DN.
189
190       MYPROXY_TCP_PORT_RANGE
191              Specifies  a  range  of valid port numbers in the form "min,max"
192              for the client side of the network connection to the server.  By
193              default,  the  client will bind to any available port.  Use this
194              environment variable to restrict  the  ports  used  to  a  range
195              allowed  by  your  firewall.   If unset, MyProxy will follow the
196              setting of the GLOBUS_TCP_PORT_RANGE environment variable.
197
198       X509_USER_CERT
199              Specifies a non-standard location for the certificate to be used
200              for authentication to the myproxy-server(8).  Also specifies the
201              location for the certificate to be stored unless the  -c  option
202              is given.
203
204       X509_USER_KEY
205              Specifies a non-standard location for the private key to be used
206              for authentication to the myproxy-server(8).  Also specifies the
207              location  for  the private key to be stored unless the -y option
208              is given.
209
210       X509_USER_PROXY
211              Specifies a non-standard location for the proxy credential to be
212              used for authentication to the myproxy-server(8).
213
214       X509_CERT_DIR
215              Specifies a non-standard location for the CA certificates direc‐
216              tory.
217

AUTHORS

219       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.
220

SEE ALSO

222       myproxy-change-pass-phrase(1),  myproxy-destroy(1),  myproxy-get-trust‐
223       roots(1),   myproxy-info(1),   myproxy-logon(1),   myproxy-retrieve(1),
224       myproxy-server.config(5),   myproxy-admin-adduser(8),    myproxy-admin-
225       change-pass(8),     myproxy-admin-load-credential(8),    myproxy-admin-
226       query(8), myproxy-server(8) myproxy-retrieve(1)
227
228
229
230MyProxy                            2009-12-1                  myproxy-store(1)
Impressum