1myproxy-admin-load-credential(8) MyProxy myproxy-admin-load-credential(8)
2
3
4
6 myproxy-admin-load-credential - directly load repository
7
9 myproxy-admin-load-credential [ options ]
10
12 The myproxy-admin-load-credential command stores a credential directly
13 in the local MyProxy repository. It must be run from the account that
14 owns the repository. Many of the options are similar to myproxy-
15 init(1). However, unlike myproxy-init, myproxy-admin-load-credential
16 does not create a proxy from the source credential but instead directly
17 loads a copy of the source credential into the repository. The pass
18 phrase of the source credential is unchanged. Use myproxy-admin-
19 change-pass(8) to change the pass phrase after the credential is stored
20 if desired. Proxy credentials with default lifetime of 12 hours can
21 then be retrieved by myproxy-logon(1) using the MyProxy passphrase.
22 The command's behavior is controlled by the following options.
23
25 -h, --help
26 Displays command usage text and exits.
27
28 -u, --usage
29 Displays command usage text and exits.
30
31 -v, --verbose
32 Enables verbose debugging output to the terminal.
33
34 -V, --version
35 Displays version information and exits.
36
37 -s dir, --storage dir
38 Specifies the location of the credential storage directory. The
39 directory must be accessible only by the user running the
40 myproxy-server process for security reasons. Default:
41 /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy
42
43 -c filename, --certfile filename
44 Specifies the filename of the source certificate. This is a
45 required parameter.
46
47 -y filename, --keyfile filename
48 Specifies the filename of the source private key. This is a
49 required parameter. If the private key is encrypted, MyProxy
50 clients will be required to give the encryption passphrase to
51 access the key. When used with -R or -Z, it is common for the
52 private key to not be encrypted, so MyProxy clients can access
53 the credentials using only certificate-based authentication and
54 authorization.
55
56 -l username, --username username
57 Specifies the MyProxy account under which the credential should
58 be stored. By default, the command uses the value of the LOG‐
59 NAME environment variable. Use this option to specify a differ‐
60 ent account username on the MyProxy server. The MyProxy user‐
61 name need not correspond to a real Unix username.
62
63 -t hours, --proxy_lifetime hours
64 Specifies the maximum lifetime of credentials retrieved from the
65 myproxy-server(8) using the stored credential. Default: 12
66 hours
67
68 -d, --dn_as_username
69 Use the certificate subject (DN) as the username.
70
71 -a, --allow_anonymous_retrievers
72 Allow credentials to be retrieved with just pass phrase authen‐
73 tication. By default, only entities with credentials that match
74 the myproxy-server.config(5) default retriever policy may
75 retrieve credentials. This option allows entities without
76 existing credentials to retrieve a credential using pass phrase
77 authentication by including "anonymous" in the set of allowed
78 retrievers. The myproxy-server.config(5) server-wide policy
79 must also allow "anonymous" clients for this option to have an
80 effect.
81
82 -A, --allow_anonymous_renewers
83 Allow credentials to be renewed by any client. Any client with
84 a valid credential with a subject name that matches the stored
85 credential may retrieve a new credential from the MyProxy repos‐
86 itory if this option is given. Since this effectively defeats
87 the purpose of proxy credential lifetimes, it is not recom‐
88 mended. It is included only for sake of completeness.
89
90 -r name, --retrievable_by name
91 Allow the specified entity to retrieve credentials. See -x and
92 -X options for controlling name matching behavior.
93
94 -E name, --retrieve_key name
95 Allow the specified entity to retrieve end-entity credentials.
96 See -x and -X options for controlling name matching behavior.
97
98 -R name, --renewable_by name
99 Allow the specified entity to renew credentials. See -x and -X
100 options for controlling name matching behavior.
101
102 -Z name, --retrievable_by_cert name
103 Allow the specified entity to retrieve credentials without a
104 passphrase. See -x and -X options for controlling name matching
105 behavior.
106
107 -x, --regex_dn_match
108 Specifies that names used with following options -r, -E, -R, and
109 -Z will be matched against the full certificate subject distin‐
110 guished name (DN) according to REGULAR EXPRESSIONS in myproxy-
111 server.config(5).
112
113 -X, --match_cn_only
114 Specifies that names used with following options -r, -E, -R, and
115 -Z will be matched against the certificate subject common name
116 (CN) according to REGULAR EXPRESSIONS in myproxy-server.con‐
117 fig(5). For example, if an argument of -r "Jim Basney" is spec‐
118 ified, then the resulting policy will be "*/CN=Jim Basney".
119 This is the default behavior.
120
121 -k name, --credname name
122 Specifies the credential name.
123
124 -K description, --creddesc description
125 Specifies credential description.
126
128 0 on success, >0 on error
129
131 See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy
132 authors.
133
135 myproxy-change-pass-phrase(1), myproxy-destroy(1), myproxy-info(1),
136 myproxy-init(1), myproxy-logon(1), myproxy-retrieve(1), myproxy-
137 store(1), myproxy-server.config(5), myproxy-admin-adduser(8), myproxy-
138 admin-change-pass(8), myproxy-admin-query(8), myproxy-server(8)
139
140
141
142MyProxy 2011-09-05 myproxy-admin-load-credential(8)