1myproxy-retrieve(1)                 MyProxy                myproxy-retrieve(1)
2
3
4

NAME

6       myproxy-retrieve - retrieve an end-entity credential
7

SYNOPSIS

9       myproxy-retrieve [ options ]
10

DESCRIPTION

12       The  myproxy-retrieve  command retrieves a credential directly from the
13       myproxy-server(8) that was previously stored using  myproxy-init(1)  or
14       myproxy-store(1).   Unlike myproxy-logon(1), this command transfers the
15       private key in the repository over the network (over  a  private  chan‐
16       nel).   To  obtain  a  proxy  credential,  we  recommend using myproxy-
17       logon(1) instead.
18
19       In the default mode, the command prompts for the pass phrase associated
20       with the credential to be retrieved and stores the retrieved credential
21       in    the    standard    location    (    ~/.globus/usercert.pem    and
22       ~/.globus/userkey.pem).  You could then run grid-proxy-init to create a
23       proxy credential from the retrieved credentials.
24

OPTIONS

26       -h, --help
27              Displays command usage text and exits.
28
29       -u, --usage
30              Displays command usage text and exits.
31
32       -v, --verbose
33              Enables verbose debugging output to the terminal.
34
35       -V, --version
36              Displays version information and exits.
37
38       -s hostname[:port], --pshost hostname[:port]
39              Specifies the hostname(s) of  the  myproxy-server(s).   Multiple
40              hostnames,  each  hostname optionally followed by a ':' and port
41              number, may be specified in a comma-separated list.  This option
42              is  required  if  the MYPROXY_SERVER environment variable is not
43              defined.  If specified, this option overrides the MYPROXY_SERVER
44              environment variable. If a port number is specified with a host‐
45              name,  it  will  override  the  -p  option  as   well   as   the
46              MYPROXY_SERVER_PORT environment variable for that host.
47
48       -p port, --psport port
49              Specifies   the   TCP  port  number  of  the  myproxy-server(8).
50              Default: 7512
51
52       -l username, --username username
53              Specifies the MyProxy account  under  which  the  credential  to
54              retrieve  is  stored.  By default, the command uses the value of
55              the LOGNAME environment variable.  Use this option to specify  a
56              different  account  username on the MyProxy server.  The MyProxy
57              username need not correspond to a real Unix username.
58
59       -d, --dn_as_username
60              Use the  certificate  subject  (DN)  as  the  default  username,
61              instead of the LOGNAME environment variable.  When used with the
62              -a option, the certificate subject of the authorization  creden‐
63              tial is used.  Otherwise, the certificate subject of the default
64              credential is used.
65
66       -t hours, --proxy_lifetime hours
67              Specifies  the  lifetime  of  credentials  retrieved  from   the
68              myproxy-server(8)  using  the  stored credential.  The resulting
69              lifetime is the shorter of the requested lifetime and the  life‐
70              time  specified  when  the  credential was stored using myproxy-
71              init(1).  Default: 12 hours
72
73       -c filename, --certfile filename
74              Specifies  the  filename  of  where  the   certificate  will  be
75              stored.
76
77       -y filename, --keyfile filename
78              Specifies the filename of where the private  key will be stored.
79
80       -a file, --authorization file
81              Use  this  option  to specify an existing, valid credential that
82              you want to renew.  Renewing a credential generally requires two
83              certificate-based  authentications.   The  client  authenticates
84              with its identity, using the credential in the standard location
85              or   specified   by   X509_USER_PROXY   or   X509_USER_CERT  and
86              X509_USER_KEY in addition to authenticating  with  the  existing
87              credential,  in  the  location specified by this option, that it
88              wants to renew.
89
90       -k name, --credname name
91              Specifies the name of the credential that is to be retrieved  or
92              renewed.
93
94       -S, --stdin_pass
95              By  default,  the command prompts for a passphrase and reads the
96              passphrase from the active tty.  When running the  command  non-
97              interactively,  there may be no associated tty.  Specifying this
98              option tells the command to read passphrases from standard input
99              without prompts or confirmation.
100
101       -T, --trustroots
102              Retrieve CA certificates directory from server (if available) to
103              store in the location specified by the X509_CERT_DIR environment
104              variable if set or /etc/grid-security/certificates if running as
105              root or ~/.globus/certificates if running as non-root.
106
107       -n, --no_passphrase
108              Don't prompt for a credential passphrase.  Use other methods for
109              authentication, such as Kerberos ticket or X.509 certificate.
110

EXIT STATUS

112       0 on success, >0 on error
113

ENVIRONMENT

115       GLOBUS_GSSAPI_NAME_COMPATIBILITY
116              This  client  will,  by default, perform a reverse-DNS lookup to
117              determine the FQHN (Fully Qualified Host Name) to use in verify‐
118              ing  the identity of the server by checking the FQHN against the
119              CN  in  server's  certificate.    Setting   this   variable   to
120              STRICT_RFC2818  will cause the reverse-DNS lookup to NOT be per‐
121              formed and the user-specified name to  be  used  instead.   This
122              variable setting will be ignored if MYPROXY_SERVER_DN (described
123              later) is set.
124
125       MYPROXY_SERVER
126              Specifies the hostname(s) where the  myproxy-server(8)  is  run‐
127              ning.  Multiple  hostnames can be specified in a comma separated
128              list with each hostname optionally followed by a  ':'  and  port
129              number.   This  environment variable can be used in place of the
130              -s option.
131
132       MYPROXY_SERVER_PORT
133              Specifies the port where the myproxy-server(8) is running.  This
134              environment variable can be used in place of the -p option.
135
136       MYPROXY_SERVER_DN
137              Specifies  the distinguished name (DN) of the myproxy-server(8).
138              All MyProxy client programs authenticate the server's  identity.
139              By  default,  MyProxy  servers run with host credentials, so the
140              MyProxy client programs expect the  server  to  have  a  distin‐
141              guished  name  with "/CN=host/<fqhn>" or "/CN=myproxy/<fqhn>" or
142              "/CN=<fqhn>" (where <fqhn> is the  fully-qualified  hostname  of
143              the  server).   If the server is running with some other DN, you
144              can set this environment variable to tell the MyProxy clients to
145              accept  the alternative DN. Also see GLOBUS_GSSAPI_NAME_COMPATI‐
146              BILITY above.
147
148       MYPROXY_TCP_PORT_RANGE
149              Specifies a range of valid port numbers in  the  form  "min,max"
150              for the client side of the network connection to the server.  By
151              default, the client will bind to any available port.   Use  this
152              environment  variable  to  restrict  the  ports  used to a range
153              allowed by your firewall.  If unset,  MyProxy  will  follow  the
154              setting of the GLOBUS_TCP_PORT_RANGE environment variable.
155
156       X509_USER_CERT
157              Specifies a non-standard location for the certificate to be used
158              for authentication to the myproxy-server(8).  Also specifies the
159              location  for  where  the  retrieved  certificate will be stored
160              unless the -c option is given.
161
162       X509_USER_KEY
163              Specifies a non-standard location for the private key to be used
164              for authentication to the myproxy-server(8).  Also specifies the
165              location for where the retrieved  private  key  will  be  stored
166              unless the -y option is given.
167
168       X509_USER_PROXY
169              Specifies a non-standard location for the proxy credential to be
170              used for authentication to the myproxy-server(8).
171
172       X509_CERT_DIR
173              Specifies a non-standard location for the CA certificates direc‐
174              tory.
175

AUTHORS

177       See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy
178       authors.
179

SEE ALSO

181       myproxy-change-pass-phrase(1),  myproxy-destroy(1),  myproxy-get-trust‐
182       roots(1),  myproxy-info(1), myproxy-init(1), myproxy-logon(1), myproxy-
183       store(1), myproxy-server.config(5), myproxy-admin-adduser(8),  myproxy-
184       admin-change-pass(8),  myproxy-admin-load-credential(8), myproxy-admin-
185       query(8), myproxy-server(8)
186
187
188
189MyProxy                            2009-12-1               myproxy-retrieve(1)
Impressum