1myproxy-admin-load-credential(8)    MyProxy   myproxy-admin-load-credential(8)
2
3
4

NAME

6       myproxy-admin-load-credential - directly load repository
7

SYNOPSIS

9       myproxy-admin-load-credential [ options ]
10

DESCRIPTION

12       The  myproxy-admin-load-credential command stores a credential directly
13       in the local MyProxy repository.  It must be run from the account  that
14       owns  the  repository.   Many  of  the  options are similar to myproxy-
15       init(1).  However, unlike  myproxy-init,  myproxy-admin-load-credential
16       does not create a proxy from the source credential but instead directly
17       loads a copy of the source credential into the  repository.   The  pass
18       phrase  of  the  source  credential  is  unchanged.  Use myproxy-admin-
19       change-pass(8) to change the pass phrase after the credential is stored
20       if  desired.   Proxy  credentials with default lifetime of 12 hours can
21       then be retrieved by myproxy-logon(1)  using  the  MyProxy  passphrase.
22       The command's behavior is controlled by the following options.
23

OPTIONS

25       -h, --help
26              Displays command usage text and exits.
27
28       -u, --usage
29              Displays command usage text and exits.
30
31       -v, --verbose
32              Enables verbose debugging output to the terminal.
33
34       -V, --version
35              Displays version information and exits.
36
37       -s dir, --storage dir
38              Specifies the location of the credential storage directory.  The
39              directory must be  accessible  only  by  the  user  running  the
40              myproxy-server   process   for   security   reasons.    Default:
41              /var/myproxy or $GLOBUS_LOCATION/var/myproxy
42
43       -c filename, --certfile filename
44              Specifies the filename of the source  certificate.   This  is  a
45              required parameter.
46
47       -y filename, --keyfile filename
48              Specifies  the  filename  of  the source private key.  This is a
49              required parameter.  If the private key  is  encrypted,  MyProxy
50              clients  will  be  required to give the encryption passphrase to
51              access the key.  When used with -R or -Z, it is common  for  the
52              private  key  to not be encrypted, so MyProxy clients can access
53              the credentials using only certificate-based authentication  and
54              authorization.
55
56       -l username, --username username
57              Specifies  the MyProxy account under which the credential should
58              be stored.  By default, the command uses the value of  the  LOG‐
59              NAME environment variable.  Use this option to specify a differ‐
60              ent account username on the MyProxy server.  The  MyProxy  user‐
61              name need not correspond to a real Unix username.
62
63       -t hours, --proxy_lifetime hours
64              Specifies the maximum lifetime of credentials retrieved from the
65              myproxy-server(8) using  the  stored  credential.   Default:  12
66              hours
67
68       -d, --dn_as_username
69              Use the certificate subject (DN) as the username.
70
71       -a, --allow_anonymous_retrievers
72              Allow  credentials to be retrieved with just pass phrase authen‐
73              tication.  By default, only entities with credentials that match
74              the   myproxy-server.config(5)   default  retriever  policy  may
75              retrieve  credentials.   This  option  allows  entities  without
76              existing  credentials to retrieve a credential using pass phrase
77              authentication by including "anonymous" in the  set  of  allowed
78              retrievers.   The  myproxy-server.config(5)  server-wide  policy
79              must also allow "anonymous" clients for this option to  have  an
80              effect.
81
82       -A, --allow_anonymous_renewers
83              Allow  credentials to be renewed by any client.  Any client with
84              a valid credential with a subject name that matches  the  stored
85              credential may retrieve a new credential from the MyProxy repos‐
86              itory if this option is given.  Since this  effectively  defeats
87              the  purpose  of  proxy  credential  lifetimes, it is not recom‐
88              mended.  It is included only for sake of completeness.
89
90       -r dn, --retrievable_by dn
91              Allow the specified entity to retrieve credentials.  By default,
92              the argument will be matched against the common name (CN) of the
93              client (for example: "Jim  Basney").   Specify  -x  before  this
94              option  to  match  against the full distinguished name (DN) (for
95              example: "/C=US/O=National Computational Science Alliance/CN=Jim
96              Basney")  or  a  regular expression (for example: "*/CN=Jim Bas‐
97              ney|*/CN=James Basney").
98
99       -E dn, --retrieve_key dn
100              Allow the specified entity to retrieve  end-entity  credentials.
101              By default, the argument will be matched against the common name
102              (CN) of the client (for  example:  "Jim  Basney").   Specify  -x
103              before  this option to match against the full distinguished name
104              (DN)  (for  example:  "/C=US/O=National  Computational   Science
105              Alliance/CN=Jim  Basney")  or a regular expression (for example:
106              "*/CN=Jim Basney|*/CN=James Basney").
107
108       -R dn, --renewable_by dn
109              Allow the specified entity to renew  credentials.   By  default,
110              the argument will be matched against the common name (CN) of the
111              client (for example: "condorg/modi4.ncsa.uiuc.edu").  Specify -x
112              before  this option to match against the full distinguished name
113              (DN)  (for  example:  "/C=US/O=National  Computational   Science
114              Alliance/CN=condorg/modi4.ncsa.uiuc.edu")  or  a regular expres‐
115              sion                        (for                        example:
116              "*/CN=server1.ncsa.uiuc.edu|*/CN=server2.ncsa.uiuc.edu").
117
118       -Z dn, --retrievable_by_cert dn
119              Allow  the  specified  entity  to retrieve credentials without a
120              passphrase.  By default, the argument will  be  matched  against
121              the  common name (CN) of the client (for example: "Jim Basney").
122              Specify -x before this option to match against the full  distin‐
123              guished  name (DN) (for example: "/C=US/O=National Computational
124              Science Alliance/CN=Jim Basney") or a  regular  expression  (for
125              example: "*/CN=Jim Basney|*/CN=James Basney").
126
127       -x, --regex_dn_match
128              Specifies  that the DN used by options -r and -R will be matched
129              as a regular expression.
130
131       -X, --match_cn_only
132              Specifies that the DN used by options -r and -R will be  matched
133              against the Common Name (CN) of the subject.
134
135       -k name, --credname name
136              Specifies the credential name.
137
138       -K description, --creddesc description
139              Specifies credential description.
140

EXIT STATUS

142       0 on success, >0 on error
143

AUTHORS

145       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.
146

SEE ALSO

148       myproxy-change-pass-phrase(1),   myproxy-destroy(1),   myproxy-info(1),
149       myproxy-init(1),   myproxy-logon(1),   myproxy-retrieve(1),    myproxy-
150       store(1),  myproxy-server.config(5), myproxy-admin-adduser(8), myproxy-
151       admin-change-pass(8), myproxy-admin-query(8), myproxy-server(8)
152
153
154
155MyProxy                            2009-12-1  myproxy-admin-load-credential(8)
Impressum