myproxy-store(1)                    MyProxy                   myproxy-store(1)

NAME

       myproxy-store - store end-entity credential for later retrieval

SYNOPSIS

       myproxy-store [ options ]

DESCRIPTION

       The myproxy-store command uploads a credential to a myproxy-server(8)
       for later retrieval.  The user must have a valid proxy credential as
       generated by grid-proxy-init or retrieved by myproxy-logon(1) when
       running this command.  Unlike myproxy-init(1), this command transfers
       the private key over the network (over a private channel).  In the
       default mode, the command will take the credentials found in
       ~/.globus/usercert.pem and ~/.globus/userkey.pem and store them in the
       myproxy-server(8) repository.  Proxy credentials with a default
       lifetime of 12 hours can then be retrieved by myproxy-logon(1) using
       the credential passphrase.  The default behavior can be overridden by
       the options specified below.

       The hostname where the myproxy-server(8) is running must be specified
       by either defining the MYPROXY_SERVER environment variable or the -s
       option.

OPTIONS

       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies the hostname(s) of the myproxy-server(s).  Multiple
              hostnames, each hostname optionally followed by a ':' and port
              number, may be specified in a comma-separated list.  This option
              is required if the MYPROXY_SERVER environment variable is not
              defined.  If specified, this option overrides the MYPROXY_SERVER
              environment variable.  If a port number is specified with a
              hostname, it will override the -p option as well as the
              MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies the TCP port number of the myproxy-server(8).
              Default: 7512.  If specified, this option overrides the
              MYPROXY_SERVER_PORT environment variable.

       -l username, --username username
              Specifies the MyProxy account under which the credential should
              be stored.  By default, the command uses the value of the
              LOGNAME environment variable.  Use this option to specify a
              different account username on the MyProxy server.  The MyProxy
              username need not correspond to a real Unix username.

       -c filename, --certfile filename
              Specifies the filename of the source certificate.

       -y filename, --keyfile filename
              Specifies the filename of the source private key.

       -t hours, --proxy_lifetime hours
              Specifies the maximum lifetime of credentials retrieved from the
              myproxy-server(8) using the stored credential.  Default: 12
              hours.

       -d, --dn_as_username
              Use the certificate subject (DN) as the default username,
              instead of the LOGNAME environment variable.

       -a, --allow_anonymous_retrievers
              Allow credentials to be retrieved with just pass phrase
              authentication.  By default, only entities with credentials that
              match the myproxy-server.config(5) default retriever policy may
              retrieve credentials.  This option allows entities without
              existing credentials to retrieve a credential using pass phrase
              authentication by including "anonymous" in the set of allowed
              retrievers.  The myproxy-server.config(5) server-wide policy
              must also allow "anonymous" clients for this option to have an
              effect.

       -A, --allow_anonymous_renewers
              Allow credentials to be renewed by any client.  Any client with
              a valid credential with a subject name that matches the stored
              credential may retrieve a new credential from the MyProxy
              repository if this option is given.  Since this effectively
              defeats the purpose of proxy credential lifetimes, it is not
              recommended.  It is included only for the sake of completeness.

       -r name, --retrievable_by name
              Allow the specified entity to retrieve credentials.  See -x and
              -X options for controlling name matching behavior.

       -E name, --retrieve_key name
              Allow the specified entity to retrieve end-entity credentials.
              See -x and -X options for controlling name matching behavior.

       -R name, --renewable_by name
              Allow the specified entity to renew credentials.  See -x and -X
              options for controlling name matching behavior.

       -Z name, --retrievable_by_cert name
              Allow the specified entity to retrieve credentials without a
              passphrase.  See -x and -X options for controlling name matching
              behavior.

       -x, --regex_dn_match
              Specifies that names used with following options -r, -E, -R, and
              -Z will be matched against the full certificate subject
              distinguished name (DN) according to REGULAR EXPRESSIONS in
              myproxy-server.config(5).

       -X, --match_cn_only
              Specifies that names used with following options -r, -E, -R, and
              -Z will be matched against the certificate subject common name
              (CN) according to REGULAR EXPRESSIONS in
              myproxy-server.config(5).  For example, if an argument of
              -r "Jim Basney" is specified, then the resulting policy will be
              "*/CN=Jim Basney".  This is the default behavior.

       -k name, --credname name
              Specifies the credential name.

       -K description, --creddesc description
              Specifies credential description.

EXIT STATUS

       0 on success, >0 on error
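
       The precedence rules given under -s and -p above, as an added
       example (not part of the MyProxy distribution).  It assumes plain
       hostnames rather than IPv6 literals, and that a port attached to an
       entry in MYPROXY_SERVER is handled the same way as one given with -s.

```python
import os

DEFAULT_PORT = 7512  # default documented for -p


def resolve_endpoints(s_opt=None, p_opt=None, env=None):
    """Return [(host, port), ...] in the order the servers were listed."""
    env = os.environ if env is None else env
    # -s overrides MYPROXY_SERVER; one of the two must be present.
    spec = s_opt if s_opt is not None else env.get("MYPROXY_SERVER")
    if not spec:
        raise ValueError("no server given: use -s or set MYPROXY_SERVER")
    # -p overrides MYPROXY_SERVER_PORT; 7512 applies when neither is set.
    fallback = p_opt if p_opt is not None else env.get("MYPROXY_SERVER_PORT")
    fallback = int(fallback) if fallback else DEFAULT_PORT
    endpoints = []
    for entry in spec.split(","):
        host, sep, port = entry.strip().partition(":")
        if sep and not port.isdigit():
            raise ValueError(f"bad port in server entry {entry!r}")
        # A port attached to a hostname wins, but only for that host.
        port = int(port) if sep else fallback
        if not host or not 0 < port < 65536:
            raise ValueError(f"bad server entry {entry!r}")
        endpoints.append((host, port))
    return endpoints


if __name__ == "__main__":
    # Constructed sample environment and options.
    sample_env = {"MYPROXY_SERVER": "env.example.org",
                  "MYPROXY_SERVER_PORT": "7000"}
    print(resolve_endpoints("a.example.org:9000,b.example.org", "8000",
                            sample_env))
    print(resolve_endpoints(env=sample_env))
```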

FILES

       ~/.globus/usercert.pem
              Default location of the certificate to be stored on the
              myproxy-server.  Use the --certfile option to override.

       ~/.globus/userkey.pem
              Default location of the private key to be stored on the
              myproxy-server.  Use the --keyfile option to override.

       -T, --trustroots
              Retrieve CA certificates directory from server (if available) to
              store in the location specified by the X509_CERT_DIR environment
              variable if set or /etc/grid-security/certificates if running as
              root or ~/.globus/certificates if running as non-root.

ENVIRONMENT

       GLOBUS_GSSAPI_NAME_COMPATIBILITY
              This client will, by default, perform a reverse-DNS lookup to
              determine the FQHN (Fully Qualified Host Name) to use in
              verifying the identity of the server by checking the FQHN
              against the CN in the server's certificate.  Setting this
              variable to STRICT_RFC2818 will cause the reverse-DNS lookup to
              NOT be performed and the user-specified name to be used instead.
              This variable setting will be ignored if MYPROXY_SERVER_DN
              (described later) is set.

       MYPROXY_SERVER
              Specifies the hostname(s) where the myproxy-server(8) is
              running.  Multiple hostnames can be specified in a
              comma-separated list with each hostname optionally followed by a
              ':' and port number.  This environment variable can be used in
              place of the -s option.

       MYPROXY_SERVER_PORT
              Specifies the port where the myproxy-server(8) is running.  This
              environment variable can be used in place of the -p option.

       MYPROXY_SERVER_DN
              Specifies the distinguished name (DN) of the myproxy-server(8).
              All MyProxy client programs authenticate the server's identity.
              By default, MyProxy servers run with host credentials, so the
              MyProxy client programs expect the server to have a
              distinguished name with "/CN=host/<fqhn>" or
              "/CN=myproxy/<fqhn>" or "/CN=<fqhn>" (where <fqhn> is the
              fully-qualified hostname of the server).  If the server is
              running with some other DN, you can set this environment
              variable to tell the MyProxy clients to accept the alternative
              DN.  Also see GLOBUS_GSSAPI_NAME_COMPATIBILITY above.

       MYPROXY_TCP_PORT_RANGE
              Specifies a range of valid port numbers in the form "min,max"
              for the client side of the network connection to the server.  By
              default, the client will bind to any available port.  Use this
              environment variable to restrict the ports used to a range
              allowed by your firewall.  If unset, MyProxy will follow the
              setting of the GLOBUS_TCP_PORT_RANGE environment variable.

       X509_USER_CERT
              Specifies a non-standard location for the certificate to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location for the certificate to be stored unless the -c option
              is given.

       X509_USER_KEY
              Specifies a non-standard location for the private key to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location for the private key to be stored unless the -y option
              is given.

       X509_USER_PROXY
              Specifies a non-standard location for the proxy credential to be
              used for authentication to the myproxy-server(8).

       X509_CERT_DIR
              Specifies a non-standard location for the CA certificates
              directory.
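
       A model of how GLOBUS_GSSAPI_NAME_COMPATIBILITY and MYPROXY_SERVER_DN
       decide which server DN is acceptable, as an added example (not the
       MyProxy client's own code).  Assumptions: MYPROXY_SERVER_DN is
       compared by exact string equality, the three CN forms are compared
       against the end of the DN, and reverse_lookup is a hypothetical
       callable standing in for the reverse-DNS query.

```python
def expected_server_names(requested_host, env, reverse_lookup):
    """Return ("dn", [exact_dn]) or ("cn", [acceptable DN endings])."""
    pinned = env.get("MYPROXY_SERVER_DN")
    if pinned:
        # An explicit DN wins; the name-compatibility setting is ignored.
        return "dn", [pinned]
    if env.get("GLOBUS_GSSAPI_NAME_COMPATIBILITY") == "STRICT_RFC2818":
        fqhn = requested_host                  # the name the user typed
    else:
        fqhn = reverse_lookup(requested_host)  # default: reverse-DNS result
    return "cn", [f"/CN=host/{fqhn}", f"/CN=myproxy/{fqhn}", f"/CN={fqhn}"]


def server_dn_accepted(server_dn, requested_host, env, reverse_lookup):
    """True if server_dn satisfies the expectation for requested_host."""
    kind, names = expected_server_names(requested_host, env, reverse_lookup)
    if kind == "dn":
        return server_dn == names[0]           # assumption: exact match
    return any(server_dn.endswith(n) for n in names)


if __name__ == "__main__":
    # Constructed data: an alias whose reverse-DNS name is a different host.
    rdns = {"myproxy.example.org": "node17.example.org"}.get
    alias_dn = "/O=Grid/CN=host/myproxy.example.org"
    strict = {"GLOBUS_GSSAPI_NAME_COMPATIBILITY": "STRICT_RFC2818"}
    # Default mode expects the reverse-DNS name, so the alias DN is rejected.
    print(server_dn_accepted(alias_dn, "myproxy.example.org", {}, rdns))
    # STRICT_RFC2818 checks the typed name, so the alias DN is accepted.
    print(server_dn_accepted(alias_dn, "myproxy.example.org", strict, rdns))
```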

AUTHORS

       See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy
       authors.

SEE ALSO

       myproxy-change-pass-phrase(1), myproxy-destroy(1),
       myproxy-get-trustroots(1), myproxy-info(1), myproxy-logon(1),
       myproxy-retrieve(1), myproxy-server.config(5),
       myproxy-admin-adduser(8), myproxy-admin-change-pass(8),
       myproxy-admin-load-credential(8), myproxy-admin-query(8),
       myproxy-server(8)

MyProxy                           2011-09-05                  myproxy-store(1)