Provided by: nordugrid-arc-client_6.4.1-1build2_amd64 bug

NAME

       arcproxy - ARC Credentials Proxy generation utility

SYNOPSIS

       arcproxy [OPTION]

DESCRIPTION

       arcproxy generates proxy credentials (general proxy certificate, or proxy certificate with
       VOMS AC extenstion) from private key and certificate of user.

OPTIONS

       -h     prints short usage description

       -P filename
              location of the generated proxy file

       -C     location of X509 certificate file, the file can  be  either  pem,  der,  or  pkcs12
              formated;  if  this option is not set, then env X509_USER_CERT will be searched; if
              X509_USER_CERT env is not set, then certificatepath item  in  client.conf  will  be
              searched;  if the location still is not found, then ~/.arc/, ~/.globus/, ./etc/arc,
              and ./ will be searched.

       -K     location of private key file, if the certificate is in pkcs12 format, then no  need
              to  give  private  key;  if  this option is not set, then env X509_USER_KEY will be
              searched; if X509_USER_KEY env is not set, then keypath item in client.conf will be
              searched;  if the location still is not found, then ~/.arc/, ~/.globus/, ./etc/arc,
              and ./ will be searched.

       -T     path to trusted certificate directory, only needed for VOMS  client  functionality;
              if   this  option  is  not  set,  then  env  X509_CERT_DIR  will  be  searched;  if
              X509_CERT_DIR env is not set, then cacertificatesdirectory item in client.conf will
              be searched.

       -s     path   to  top  directory  of  VOMS  *.lsc  files,  only  needed  for  VOMS  client
              functionality

       -V     path to VOMS server configuration file, only needed for VOMS  client  functionality
              if  the  path  is  a  directory  rather  than  a  file, all of the files under this
              directory will be searched

       -S     voms<:command>. Specify VOMS server.
                            :command is optional, and is used to ask for specific attributes(e.g:
              roles)
                            command option is:
                            all --- put all of this DN's attributes into AC;
                            list ---list all of the DN's attribute,will not create AC extension;
                            /Role=yourRole --- specify the role, if this DN
                                             has such a role, the role will be put into AC
                            /voname/groupname/Role=yourRole  --- specify the vo,group and role if
              this DN
                                             has such a role, the role will be put into AC

       -o     group<:role>. Specify ordering of attributes.
                            Example:                                                      --order
              /knowarc.eu/coredev:Developer,/knowarc.eu/testers:Tester
                            or:        --order        /knowarc.eu/coredev:Developer       --order
              /knowarc.eu/testers:Tester
                            Note that it does not make sense to specify the order if you have two
              or more different VOMS server specified

       -G     use GSI communication protocol for contacting VOMS services

       -H     use  HTTP  communication protocol for contacting VOMS services that provide RESTful
              access
                            Note for RESTful access, 'list' command and multiple VOMS server  are
              not supported

       -O     this option is not functional anymore (old GSI proxies are not supported)

       -I     print all information about this proxy.
                            In order to show the Identity (DN without CN as subfix for proxy)
                            of the certificate, the 'trusted certdir' is needed.

       -i     print  selected information about this proxy. Currently following information items
              are supported:

              subject - subject name of proxy certificate.

              identity - identity subject name of proxy certificate.

              issuer - issuer subject name of proxy certificate.

              ca - subject name of CA which issued initial certificate.

              path - file system path to file containing proxy.

              type - type of proxy certificate.

              validityStart - timestamp when proxy validity starts.

              validityEnd - timestamp when proxy validity ends.

              validityPeriod - duration of proxy validity in seconds.

              validityLeft - duration of proxy validity left in seconds.

              vomsVO - VO name  represented by VOMS attribute.

              vomsSubject - subject of certificate for which VOMS attribute is issued.

              vomsIssuer - subject of service which issued VOMS certificate.

              vomsACvalidityStart - timestamp when VOMS attribute validity starts.

              vomsACvalidityEnd - timestamp when VOMS attribute validity ends.

              vomsACvalidityPeriod - duration of VOMS attribute validity in seconds.

              vomsACvalidityLeft - duration of VOMS attribute validity left in seconds.

              proxyPolicy

              keybits - size of proxy certificate key in bits.

              signingAlgorithm - algorithm used to sign proxy certificate.

              Items are printed in requested order and are separated  by  newline.  If  item  has
              multiple values they are printed in same line separated by |.

       -r     Remove the proxy file.

       -U     Username to myproxy server.

       -N     don't  prompt  for  a  credential  passphrase,  when  retrieve a credential from on
              MyProxy server.
                            The precondition of this choice is the credential is PUT onto
                            the   MyProxy   server   without   a   passphrase   by    using    -R
              (--retrievable_by_cert)
                            option when being PUTing onto Myproxy server.
                            This  option  is specific for the GET command when contacting Myproxy
              server.

       -R     Allow specified entity to retrieve credential without passphrase.
                            This option is specific for the PUT command when  contacting  Myproxy
              server.

       -L     hostname of myproxy server optionally followed by colon and port number, e.g.
                            example.org:7512. If the port number has not
                            been specified, 7512 is used by default.

       -M     command to myproxy server. The command can be PUT and GET.
                            PUT/put -- put a delegated credential to myproxy server;
                            GET/get -- get a delegated credential from myproxy server,
                            credential (certificate and key) is not needed in this case;
                            myproxy functionality can be used together with VOMS functionality.
                            voms and vomses can be used for Get command if VOMS attributes
                            is required to be included in the proxy.

       -F     use NSS credential DB in default Mozilla profiles, including Firefox, Seamonkey and
              Thunderbird.

       -c     constraints of proxy certificate. Currently following constraints are supported:

              validityStart=time - time when certificate becomes valid. Default is now.

              validityEnd=time - time when certificate becomes  invalid.  Default  is  43200  (12
              hours) from start for local proxy and 7 days for delegated to MyProxy.

              validityPeriod=time  -  for  how  long  certificate  is valid. Default is 43200 (12
              hours)for local proxy and 7 days for delegated to MyProxy.

              vomsACvalidityPeriod=time - for how long the AC is valid.  Default  is  shorter  of
              validityPeriod and 12 hours.

              myproxyvalidityPeriod=time  -  lifetime  of  proxies  delegated  by myproxy server.
              Default is shorter of validityPeriod and 12 hours.

              proxyPolicy=policy content - assigns specified string to proxy policy to limit it's
              functionality.

              keybits=number - length of the key to generate. Default is 2048 bits. Special value
              'inherit' is to use key length of signing certificate.

              signingAlgorithm=name - signing algorithm to use for signing public key  of  proxy.
              Default is sha1. Possible values are sha1, sha2 (alias for sha256), sha224, sha256,
              sha384, sha512 and inherit (use algorithm of signing certificate).

       -p     password destination=password source. Supported password destinations are:

              key - for reading private key

              myproxy - for accessing credentials at MyProxy service

              myproxynew - for creating credentials at MyProxy service

              all - for any purspose.

              Supported password sources are:

              quoted string ("password") - explicitly specified password

              int - interactively request password from console

              stdin - read password from standard input delimited by newline

              file:filename - read password from file named filename

              stream:# - read password from input stream number #.  Currently  only  0  (standard
              input) is supported.

       -t     timeout in seconds (default 20)

       -z     configuration file (default ~/.arc/client.conf)

       -d     level  of  information  printed. Possible values are DEBUG, VERBOSE, INFO, WARNING,
              ERROR and FATAL.

       -v     print version information

       If location of certificate and key are not exlicitly specified  they  are  looked  for  in
       following location and order:

       Key/certificate   paths   specified   by   the  environment  variables  X509_USER_KEY  and
       X509_USER_CERT respectively.

       Paths specified in configuration file.

       ~/.arc/usercert.pem and ~/.arc/userkey.pem for certificate and key respectively.

       ~/.globus/usercert.pem and ~/.globus/userkey.pem for certificate and key respectively.

       If destination location of proxy file is  not  specified,  the  value  of  X509_USER_PROXY
       environment variable is used explicitly.  If no value is provided, the default location is
       used - <TEMPORARY DIRECTORY>/x509up_u<USER ID>.  Here TEMPORARY DIRECTORY is derived  from
       environment variables TMPDIR, TMP, TEMP or default location /tmp is used.

REPORTING BUGS

       Report bugs to http://bugzilla.nordugrid.org/

ENVIRONMENT VARIABLES

       ARC_LOCATION
              The  location  where  ARC  is  installed  can be specified by this variable. If not
              specified the install location will be determined from  the  path  to  the  command
              being  executed,  and  if  this  fails a WARNING will be given stating the location
              which will be used.

       ARC_PLUGIN_PATH
              The location of ARC plugins can be specified by this variable.  Multiple  locations
              can  be  specified  by separating them by : (; in Windows). The default location is
              $ARC_LOCATION/lib/arc (\ in Windows).

COPYRIGHT

       APACHE LICENSE Version 2.0

FILES

       /etc/vomses
              Common file containing a list of selected VO contact point, one VO  per  line,  for
              example:

              "gin"                           "kuiken.nikhef.nl"                          "15050"
              "/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl" "gin.ggf.org"

              "nordugrid.org"                      "voms.uninett.no"                      "15015"
              "/O=Grid/O=NorduGrid/CN=host/voms.ndgf.org" "nordugrid.org"

       ~/.voms/vomses
              Same as /etc/vomses but located in user's home area. If exists, has precedence over
              /etc/vomses

              The order of the parsing of vomses location is:

                     1. command line options
                     2. client configuration file ~/.arc/client.conf
                     3. $X509_VOMSES  or $X509_VOMS_FILE
                     4. ~/.arc/vomses
                     5. ~/.voms/vomses
                     6. $ARC_LOCATION/etc/vomses  (this is for Windows environment)
                     7. $ARC_LOCATION/etc/grid-security/vomses  (this is for Windows environment)
                     8. $PWD/vomses
                     9. /etc/vomses
                     10. /etc/grid-security/vomses

       ~/.arc/client.conf
              Some options can be given default values by  specifying  them  in  the  ARC  client
              configuration  file.  By using the --conffile option a different configuration file
              can be used than the default.

AUTHOR

       ARC software is  developed  by  the  NorduGrid  Collaboration  (http://www.nordugrid.org),
       please  consult  the  AUTHORS  file  distributed  with ARC. Please report bugs and feature
       requests to http://bugzilla.nordugrid.org

SEE ALSO

       arccat(1),   arcclean(1),   arccp(1),   arcget(1),   arcinfo(1),   arckill(1),   arcls(1),
       arcmkdir(1),  arcrenew(1),  arcresub(1),  arcresume(1),  arcrm(1),  arcstat(1), arcsub(1),
       arcsync(1), arctest(1)