1myproxy-admin-load-credential(8)    MyProxy   myproxy-admin-load-credential(8)
2
3
4

NAME

6       myproxy-admin-load-credential - directly load repository
7

SYNOPSIS

9       myproxy-admin-load-credential [ options ]
10

DESCRIPTION

12       The  myproxy-admin-load-credential command stores a credential directly
13       in the local MyProxy repository.  It must be run from the account  that
14       owns  the  repository.   Many  of  the  options are similar to myproxy-
15       init(1).  However, unlike  myproxy-init,  myproxy-admin-load-credential
16       does not create a proxy from the source credential but instead directly
17       loads a copy of the source credential into the  repository.   The  pass
18       phrase  of  the  source  credential  is  unchanged.  Use myproxy-admin-
19       change-pass(8) to change the pass phrase after the credential is stored
20       if  desired.   Proxy  credentials with default lifetime of 12 hours can
21       then be retrieved by myproxy-logon(1)  using  the  MyProxy  passphrase.
22       The command's behavior is controlled by the following options.
23

OPTIONS

25       -h, --help
26              Displays command usage text and exits.
27
28       -u, --usage
29              Displays command usage text and exits.
30
31       -v, --verbose
32              Enables verbose debugging output to the terminal.
33
34       -V, --version
35              Displays version information and exits.
36
37       -s dir, --storage dir
38              Specifies the location of the credential storage directory.  The
39              directory must be  accessible  only  by  the  user  running  the
40              myproxy-server   process   for   security   reasons.    Default:
41              /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy
42
43       -c filename, --certfile filename
44              Specifies the filename of the source  certificate.   This  is  a
45              required parameter.
46
47       -y filename, --keyfile filename
48              Specifies  the  filename  of  the source private key.  This is a
49              required parameter.  If the private key  is  encrypted,  MyProxy
50              clients  will  be  required to give the encryption passphrase to
51              access the key.  When used with -R or -Z, it is common  for  the
52              private  key  to not be encrypted, so MyProxy clients can access
53              the credentials using only certificate-based authentication  and
54              authorization.
55
56       -l username, --username username
57              Specifies  the MyProxy account under which the credential should
58              be stored.  By default, the command uses the value of  the  LOG‐
59              NAME environment variable.  Use this option to specify a differ‐
60              ent account username on the MyProxy server.  The  MyProxy  user‐
61              name need not correspond to a real Unix username.
62
63       -t hours, --proxy_lifetime hours
64              Specifies the maximum lifetime of credentials retrieved from the
65              myproxy-server(8) using  the  stored  credential.   Default:  12
66              hours
67
68       -d, --dn_as_username
69              Use the certificate subject (DN) as the username.
70
71       -a, --allow_anonymous_retrievers
72              Allow  credentials to be retrieved with just pass phrase authen‐
73              tication.  By default, only entities with credentials that match
74              the   myproxy-server.config(5)   default  retriever  policy  may
75              retrieve  credentials.   This  option  allows  entities  without
76              existing  credentials to retrieve a credential using pass phrase
77              authentication by including "anonymous" in the  set  of  allowed
78              retrievers.   The  myproxy-server.config(5)  server-wide  policy
79              must also allow "anonymous" clients for this option to  have  an
80              effect.
81
82       -A, --allow_anonymous_renewers
83              Allow  credentials to be renewed by any client.  Any client with
84              a valid credential with a subject name that matches  the  stored
85              credential may retrieve a new credential from the MyProxy repos‐
86              itory if this option is given.  Since this  effectively  defeats
87              the  purpose  of  proxy  credential  lifetimes, it is not recom‐
88              mended.  It is included only for sake of completeness.
89
90       -r name, --retrievable_by name
91              Allow the specified entity to retrieve credentials.  See -x  and
92              -X options for controlling name matching behavior.
93
94       -E name, --retrieve_key name
95              Allow  the  specified entity to retrieve end-entity credentials.
96              See -x and -X options for controlling name matching behavior.
97
98       -R name, --renewable_by name
99              Allow the specified entity to renew credentials.  See -x and  -X
100              options for controlling name matching behavior.
101
102       -Z name, --retrievable_by_cert name
103              Allow  the  specified  entity  to retrieve credentials without a
104              passphrase.  See -x and -X options for controlling name matching
105              behavior.
106
107       -x, --regex_dn_match
108              Specifies that names used with following options -r, -E, -R, and
109              -Z will be matched against the full certificate subject  distin‐
110              guished  name  (DN) according to REGULAR EXPRESSIONS in myproxy-
111              server.config(5).
112
113       -X, --match_cn_only
114              Specifies that names used with following options -r, -E, -R, and
115              -Z  will  be matched against the certificate subject common name
116              (CN) according to  REGULAR  EXPRESSIONS  in  myproxy-server.con‐
117              fig(5).  For example, if an argument of -r "Jim Basney" is spec‐
118              ified, then the resulting  policy  will  be  "*/CN=Jim  Basney".
119              This is the default behavior.
120
121       -k name, --credname name
122              Specifies the credential name.
123
124       -K description, --creddesc description
125              Specifies credential description.
126

EXIT STATUS

128       0 on success, >0 on error
129

AUTHORS

131       See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy
132       authors.
133

SEE ALSO

135       myproxy-change-pass-phrase(1),   myproxy-destroy(1),   myproxy-info(1),
136       myproxy-init(1),    myproxy-logon(1),   myproxy-retrieve(1),   myproxy-
137       store(1), myproxy-server.config(5), myproxy-admin-adduser(8),  myproxy-
138       admin-change-pass(8), myproxy-admin-query(8), myproxy-server(8)
139
140
141
142MyProxy                           2011-09-05  myproxy-admin-load-credential(8)
Impressum