myproxy-get-trustroots(1)

1myproxy-get-trustroots(1)           MyProxy          myproxy-get-trustroots(1)
2
3
4

NAME

6       myproxy-get-trustroots - fetch trustroots from a myproxy-server
7

SYNOPSIS

9       myproxy-get-trustroots [ options ]
10

DESCRIPTION

12       The  myproxy-get-trustroots  command retrieves the trusted certificates
13       from the myproxy-server(8) and stores them in the location specified by
14       the  X509_CERT_DIR  environment  variable  if  set  or  /etc/grid-secu‐
15       rity/certificates if running as root or ~/.globus/certificates if  run‐
16       ning as non-root.
17
18       An  example cron job for running myproxy-get-trustroots periodically to
19       keep  the  X509_CERT_DIR  up-to-date  is  provided   at   $GLOBUS_LOCA‐
20       TION/share/myproxy/myproxy-get-trustroots.cron.
21

OPTIONS

23       -b, --bootstrap
24              Unless  this  option  is  specified,  then  if the X509_CERT_DIR
25              exists and the CA that signed the myproxy-server(8)  certificate
26              is  not trusted, myproxy-get-trustroots will fail with an error,
27              to protect against man-in-the-middle attacks.  If, however, this
28              option  is  specified, myproxy-get-trustroots will accept the CA
29              to bootstrap trust.
30
31       -h, --help
32              Displays command usage text and exits.
33
34       -u, --usage
35              Displays command usage text and exits.
36
37       -v, --verbose
38              Enables verbose debugging output to the terminal.
39
40       -V, --version
41              Displays version information and exits.
42
43       -s hostname[:port], --pshost hostname[:port]
44              Specifies the hostname(s) of  the  myproxy-server(s).   Multiple
45              hostnames,  each  hostname optionally followed by a ':' and port
46              number, may be specified in a comma-separated list.  This option
47              is  required  if  the MYPROXY_SERVER environment variable is not
48              defined.  If specified, this option overrides the MYPROXY_SERVER
49              environment variable. If a port number is specified with a host‐
50              name,  it  will  override  the  -p  option  as   well   as   the
51              MYPROXY_SERVER_PORT environment variable for that host.
52
53       -p port, --psport port
54              Specifies   the   TCP  port  number  of  the  myproxy-server(8).
55              Default: 7512
56
57       -q, --quiet
58              Only write output messages on error.
59

ENVIRONMENT

61       GLOBUS_GSSAPI_NAME_COMPATIBILITY
62              This client will, by default, perform a  reverse-DNS  lookup  to
63              determine the FQHN (Fully Qualified Host Name) to use in verify‐
64              ing the identity of the server by checking the FQHN against  the
65              CN   in   server's   certificate.    Setting  this  variable  to
66              STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be  per‐
67              formed  and  the  user-specified  name to be used instead.  This
68              variable setting will be ignored if MYPROXY_SERVER_DN (described
69              later) is set.
70
71       MYPROXY_SERVER
72              Specifies  the  hostname(s)  where the myproxy-server(8) is run‐
73              ning. Multiple hostnames can be specified in a  comma  separated
74              list  with  each  hostname optionally followed by a ':' and port
75              number.  This environment variable can be used in place  of  the
76              -s option.
77
78       MYPROXY_SERVER_PORT
79              Specifies the port where the myproxy-server(8) is running.  This
80              environment variable can be used in place of the -p option.
81
82       MYPROXY_SERVER_DN
83              Specifies the distinguished name (DN) of the  myproxy-server(8).
84              All  MyProxy client programs authenticate the server's identity.
85              By default, MyProxy servers run with host  credentials,  so  the
86              MyProxy  client  programs  expect  the  server to have a distin‐
87              guished name with "/CN=host/<fqhn>" or  "/CN=myproxy/<fqhn>"  or
88              "/CN=<fqhn>"  (where  <fqhn>  is the fully-qualified hostname of
89              the server).  If the server is running with some other  DN,  you
90              can set this environment variable to tell the MyProxy clients to
91              accept the alternative DN. Also see  GLOBUS_GSSAPI_NAME_COMPATI‐
92              BILITY above.
93
94       MYPROXY_TCP_PORT_RANGE
95              Specifies  a  range  of valid port numbers in the form "min,max"
96              for the client side of the network connection to the server.  By
97              default,  the  client will bind to any available port.  Use this
98              environment variable to restrict  the  ports  used  to  a  range
99              allowed  by  your  firewall.   If unset, MyProxy will follow the
100              setting of the GLOBUS_TCP_PORT_RANGE environment variable.
101
102       X509_USER_CERT
103              Specifies a non-standard location for the certificate to be used
104              for authentication to the myproxy-server(8).
105
106       X509_USER_KEY
107              Specifies a non-standard location for the private key to be used
108              for authentication to the myproxy-server(8).
109
110       X509_USER_PROXY
111              Specifies a non-standard location for the proxy credential to be
112              used for authentication to the myproxy-server(8).
113
114       X509_CERT_DIR
115              Specifies a non-standard location for the CA certificates direc‐
116              tory.
117

AUTHORS

119       See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy
120       authors.
121

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

ENVIRONMENT

AUTHORS

SEE ALSO