1VOMS-PROXY-FAKE(1)                VOMS Client               VOMS-PROXY-FAKE(1)
2
3
4

NAME

6       voms-proxy-fake - create a proxy with VOMS extensions
7

SYNOPSIS

9       voms-proxy-fake [options]
10

DESCRIPTION

12       The voms-proxy-fake generates a proxy containing arbitrary attributes
13       without contacting the VOMS server.
14

OPTIONS

16       Options may be specified indifferently with either a "-" or "--"
17       prefix.
18
19       -help Displays usage.
20
21       -version Displays version.
22
23       -debug Enables extra debug output.
24
25       -q Quiet mode, minimal output.
26
27       -verify Verifies certificate to make proxy for.
28
29       -pwstdin Allows passphrase from stdin.
30
31       -limited Creates a limited proxy.
32
33       -hours H Proxy is valid for H hours (default:12).
34
35       -vomslife H Tries to get an AC with information valid for H hours. The
36       default is "as long as the proxy certificate". The special value 0
37       means as long as the server will allow.
38
39       -bits B Number of bits in key {0|512|1024|2048|4096}. 0 is a special
40       value which means: same number of bits as in the issuing certificate.
41
42       -cert certfile Non-standard location of user certificate
43
44       -key keyfile Non-standard location of user key
45
46       -certdir certdir Location of trusted certificates dir
47
48       -out proxyfile Location of new proxy cert
49
50       -voms voms[:command] Specifies the fake VOMS server that will appear in
51       the attribute certificate. command is ignored and is present for
52       compatibility with voms-proxy-init.
53
54       -include file Includes file in the certificate (in a non critical
55       extension)
56
57       -conf file Read options from file.
58
59       -policy The file containing the policy expression.
60
61       -policy-language pl The language in which the policy is expressed.
62       Default is IMPERSONATION_PROXY.
63
64       -path-length Maximum depth of proxy certfificate that can be signed
65       from this.
66
67       -globus version This option is obsolete and only present for backwards
68       compatibility with old installations. Currently, its value is ignored.
69
70       -proxyver Version of the proxy certificate to create. May be 2 or 3.
71       Default value is decided upon underlying globus version.
72
73       -separate file Saves the voms credential on file file.
74
75       -hostcert file The cert that will be used to sign the AC.
76
77       -hostkey file The key thet will be used to sign the AC.
78
79       -fqan file The string that will be included in the AC as the granted
80       FQAN.
81
82       -newformat
83
84       This forces the server to generate ACs in the new (correct) format.
85       This is meant as a compatibility feature to ease migration while the
86       servers upgrade to the new version.
87
88       -newsubject newdn
89
90       The created proxy will have newdn as subject rather than what is would
91       normally have depending on the specific version of proxy created.
92       Non-printable characters may be specified via the '\XX' encoding, where
93       XX are two hexadecimal characters.
94
95       -newissuer newdn
96
97       The created proxy will have newdn as issuer rather than what is would
98       normally have depending on the specific version of proxy created.
99       Non-printable characters may be specified via the '\XX' encoding, where
100       XX are two hexadecimal characters.
101
102       -newserial newserial
103
104       The created proxy will have the newserial as its serial number. The new
105       serial number will have to be specified as an hex representation. Any
106       length is possible. If this option is not specified, voms-proxy-fake
107       will choose the serial number.
108
109       -pastac timespec
110
111       The created AC will have its validity start in the past, as specified
112       by timespec.
113
114       The format of timespec is one of: seconds, hours:minutes,
115       hours:minutes:seconds
116
117       -pastproxy timespec
118
119       The created proxy will have its validity start in the past as specified
120       by timespec
121
122       The format of timespec is one of: seconds, hours:minutes,
123       hours:minutes:seconds
124
125       -nscert bit,...,bit
126
127       The created proxy will have the specified bits in the Netscape
128       Certificate Extension. Acceptable values for bit are: client, server,
129       email, objsign, sslCA, emailCA, objCA. The default value is not to have
130       this extension.
131
132       -extkeyusage bit,...,bit
133
134       The created proxy will have the specified bits in the Extended Key
135       Usage Extension. Acceptable values for bit are: serverAuth, clientAuth,
136       codeSigning, emailProtection, timeStamping, msCodeInd, msCodeCom,
137       msCTLSign, msSGC, msEFS, nsSGC, deltaCRL. The default value is not to
138       have this extensions.
139
140       -keyusage bit,...,bit
141
142       The created proxy will have the specified bits in the Key Usage
143       Extensions. Acceptable values for bit are: digitalSignature,
144       nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement,
145       keyCertSign, cRLSign, encipherOnly, decipherOnly. The default value is
146       to copy this extensions from the issuer certificate while removing the
147       keyCertSign and nonRepudiation bits if present.
148
149       -selfsigned
150
151       The created certificate will be a self-signed certificate and have a
152       CA=true bit in the Basic constraints Exception.
153
154       -extension oid[/criticality]value
155
156       This option allows to specified additional extensions to be put in the
157       created certificate.
158
159       oid is the Object Identifier of the extensions. Any OID may be used
160       even if it is not already known in advance. This must always be
161       specified. There is no default.
162
163       criticality specifies whether the extensions is critical or not, and it
164       must be either true or false. If absent, it defaults to false.
165
166       value is the value of the extensions. It is composed by two subfields,
167       type and content.  type is a single charater, and specifies how the
168       content is interpreted. ':' means that content is a text string to be
169       included as is. '~' means that content is an hex representation of the
170       string. '+' means that content is the name of a file which will contain
171       the actual data.
172
173       -acextension oid[/criticality]value
174
175       This option allows to specified additional extensions to be put in the
176       created attribute certificate.
177
178       oid is the Object Identifier of the extensions. Any OID may be used
179       even if it is not already known in advance. This must always be
180       specified. There is no default.
181
182       criticality specifies whether the extensions is critical or not, and it
183       must be either true or false. If absent, it defaults to false.
184
185       value is the value of the extensions. It is composed by two subfields,
186       type and content.  type is a single charater, and specifies how the
187       content is interpreted. ':' means that content is a text string to be
188       included as is. '~' means that content is an hex representation of the
189       string. '+' means that content is the name of a file which will contain
190       the actual data.
191
192       -ga id = value [(qualifier)]
193
194       This option adds the generic attribute specified to the AC generated.
195       Please note that spaces before and after the '=' char are swallowed in
196       the command line.
197
198       -voinfo file
199
200       The file file contains informations for additional ACs that should be
201       included in the created proxy. ACs specified via the -voinfo option
202       shall be added before ACs specified via the command line options.
203
204       The format of the file is the following:
205
206       [voname]
207
208       parameter=value
209
210       parameter=value
211
212       ...
213

BUGS

215       EGEE Bug Tracking Tool[1]
216

SEE ALSO

218       voms-proxy-fake(1), voms-proxy-init(1), voms-proxy-info(1),
219       voms-proxy-destroy(1)
220
221       EDT Auth Home page[2]
222
223       CVSweb[3]
224
225       RPM repository[4]
226

AUTHORS

228       Vincenzo Ciaschini <Vincenzo.Ciaschini@cnaf.infn.it>.
229
230       Valerio Venturi <Valerio.Venturi@cnaf.infn.it>.
231

COPYRIGHT

233       Copyright (c) Members of the EGEE Collaboration. 2004. See the
234       beneficiaries list for details on the copyright holders.
235
236       Licensed under the Apache License, Version 2.0 (the "License"); you may
237       not use this file except in compliance with the License. You may obtain
238       a copy of the License at
239
240       www.apache.org/licenses/LICENSE-2.0[5]
241
242       Unless required by applicable law or agreed to in writing, software
243       distributed under the License is distributed on an "AS IS" BASIS,
244       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
245       implied. See the License for the specific language governing
246       permissions and limitations under the License.
247

NOTES

249        1. EGEE Bug Tracking Tool
250           https://savannah.cern.ch/projects/jra1mdw/
251
252        2. EDT Auth Home page
253           http://grid-auth.infn.it
254
255        3. CVSweb
256           http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms
257
258        4. RPM repository
259           http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3
260
261        5. www.apache.org/licenses/LICENSE-2.0
262           http://www.apache.org/licenses/LICENSE-2.0
263
264
265
266VOMS Client                       05/03/2021                VOMS-PROXY-FAKE(1)