1HTPROXYPUT(1)                   GridSite Manual                  HTPROXYPUT(1)
2
3
4

NAME

6       htproxyput,  htproxydestroy, htproxytime, htproxyunixtime, htproxyrenew
7       - GSI proxy delegations and querying, using  GridSite/gLite  delegation
8       API
9

SYNOPSIS

11       htproxyput,  htproxydestroy, htproxytime, htproxyunixtime, htproxyrenew
12       [options] Service-URL
13
14       htproxyinfo [options]
15
16

DESCRIPTION

18       htproxyput is a client to perform GSI proxy delegations using the Grid‐
19       Site/gLite  delegation Web Service portType. The gridsite-delegation(8)
20       CGI program is the complementary server-side implementation.
21
22       htproxyinfo examines a local copy of a GSI proxy, and outputs a summary
23       of its X.509 and VOMS contents.
24
25

OPTIONS

27       -v/--verbose
28              Turn on debugging information.
29
30
31       --delegation-id <ID>
32              Explicitly specify the Delegation ID to use.
33
34
35       --destroy
36              Instead  of  delegating  a proxy, delete the proxy from the ser‐
37              vice's proxy cache. Calling the program  as  htproxydestroy  has
38              the same effect.
39
40
41       --time Instead of delegating a proxy, report the expiration time of the
42              proxy, in the local time of the client. Calling the  program  as
43              htproxytime has the same effect.
44
45
46       --unixtime
47              Instead of delegating a proxy, report the expiration time of the
48              proxy, as the number of seconds since 00:00:00  1970-01-01  UTC.
49              Calling the program as htproxyunixtime has the same effect.
50
51
52       --renew
53              Delegate an updated version of an existing proxy. The Delegation
54              ID must be given when using this option. Calling the program  as
55              htproxyrenew has the same effect.
56
57
58       --info Examine  a  local  proxy file, and output a summary of the X.509
59              certificates and VOMS attributes it contains. Calling  the  pro‐
60              gram as htproxyinfo has the same effect.
61
62
63       --cert <X.509 cert path>  and  --key <X.509 key path>
64              Path  to the PEM-encoded X.509 or GSI Proxy user certificate and
65              key to use for HTTPS connections, instead of  "anonymous  mode."
66              If only one of --key or --cert is given, then that will be tried
67              for both. If neither is  given,  then  the  following  order  of
68              precedence   is  used:  the  file  name  held  by  the  variable
69              X509_USER_PROXY; the file /tmp/x509up_uID (with Unix  UID  equal
70              to  ID);  the file names held by X509_USER_CERT / X509_USER_KEY;
71              the  files  ~/.globus/usercert.pem   and   ~/.globus/userkey.pem
72              (where ~/ is the home directory of the user.)
73
74
75       --capath <X.509 CA root certs directory or file>
76              Path to the PEM-encoded CA root certificates to use when verify‐
77              ing remote servers' host certificates in HTTPS connections. Ide‐
78              ally  this should be a directory of hash.0 files as described in
79              the OpenSSL verify(1) man page, but a file may be used  instead.
80              If  --capath is not given, the value of the environment variable
81              X509_CERT_DIR will  be  tried.   If  this  is  not  valid,  then
82              /etc/grid-security/certificates will be used.
83
84
85       --no-verify
86              Do  not  use CA root certificates to verify remote servers' host
87              certificates.  This is useful for  testing  sites  before  their
88              certificate  is  set  up  properly, but leaves you vulnerable to
89              "man in the middle" attacks by hostile servers  masquerading  as
90              your target.
91
92

FILES

94       /tmp/x509up_uID
95              Default GSI Proxy file for Unix UID equal to ID.
96
97
98       /etc/grid-security/certificates
99              Default  location  for trusted Certification Authority root cer‐
100              tificates to use when checking server certificates.
101
102
103       /tmp/.ca-roots-XXXXXX
104              Prior to 7.9.8, the underlying curl library did not support  the
105              CA root certificates directory.  If built with an old version of
106              libcurl, htproxyput will concatenate the certificates in the  CA
107              roots directory into a unique temporary file and use that.
108
109

ENVIRONMENT

111       X509_CERT_DIR
112              Holds  directory to search for Certification Authority root cer‐
113              tificates when verifying server certificates. (Tried if --capath
114              is not given on the command line.)
115
116
117       X509_USER_PROXY
118              Holds  file  name  of  a  GSI  Proxy to use as user certificate.
119              (Tried if --cert or --key are not given on the command line.)
120
121
122       X509_USER_CERT and X509_USER_KEY
123              Holds file name of X.509 user certificate  and  key.  (Tried  if
124              X509_USER_PROXY is not valid.)
125
126

EXIT CODES

128       0 is returned on complete success, and non-zero on error.
129
130

TO DO

132       Better error recovery.
133
134

AUTHOR

136       Andrew McNab <Andrew.McNab@manchester.ac.uk>
137
138       htproxyput is part of GridSite: http://www.gridsite.org/
139

SEE ALSO

141       htcp(1), gridsite-delegation(8)
142
143
144
145htproxyput                        March 2006                     HTPROXYPUT(1)
Impressum