Provided by: myproxy_5.5-1_i386 bug


       myproxy-logon - retrieve a credential


       myproxy-logon [ options ]

       myproxy-get-delegation [ options ]


       The  myproxy-logon  command  retrieves  a  proxy  credential  from  the
       myproxy-server(8) that was previously stored using  myproxy-init(1)  or
       myproxy-store(1).   It  can  also  be  used to retrieve short-lived end
       entity credentials from a myproxy-server(8)  configured  to  act  as  a
       Certificate  Authority.   In  the default mode, the command prompts for
       the MyProxy pass phrase associated with the credential to be  retrieved
       and  stores  the  retrieved credential in the location specified by the
       X509_USER_PROXY environment  variable  or  /tmp/x509up_u<uid>  if  that
       environment variable is not set.

       The myproxy-logon command is also available under the name myproxy-get-
       delegation for backward compatibility.


       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies the hostname(s) of  the  myproxy-server(s).   Multiple
              hostnames,  each  hostname optionally followed by a ':' and port
              number, may be specified in a comma-separated list.  This option
              is  required  if  the MYPROXY_SERVER environment variable is not
              defined.  If specified, this option overrides the MYPROXY_SERVER
              environment  variable.  If  a  port  number  is specified with a
              hostname, it  will  override  the  -p  option  as  well  as  the
              MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies   the   TCP  port  number  of  the  myproxy-server(8).
              Default: 7512

       -l username, --username username
              Specifies the MyProxy account  under  which  the  credential  to
              retrieve  is  stored.  By default, the command uses the value of
              the LOGNAME environment variable.  Use this option to specify  a
              different  account  username on the MyProxy server.  The MyProxy
              username need not correspond to a real Unix username.

       -d, --dn_as_username
              Use the  certificate  subject  (DN)  as  the  default  username,
              instead of the LOGNAME environment variable.  When used with the
              -a  option,  the  certificate  subject  of   the   authorization
              credential  is  used.  Otherwise, the certificate subject of the
              default credential is used.

       -t hours, --proxy_lifetime hours
              Specifies  the  lifetime  of  credentials  retrieved  from   the
              myproxy-server(8)  using  the  stored credential.  The resulting
              lifetime is the  shorter  of  the  requested  lifetime  and  the
              lifetime specified when the credential was stored using myproxy-
              init(1).  Default: 12 hours

       -o file, --out file
              Specifies where the retrieved proxy credential should be stored.
              If  this  option  is not specified, the proxy credential will be
              stored  in  the  location  specified  by   the   X509_USER_PROXY
              environment  variable  or /tmp/x509up_u<uid> if that environment
              variable is not set.  To write the credential to  the  command's
              standard output rather than to a file, use -o -.

       -a file, --authorization file
              Use  this  option  to specify an existing, valid credential that
              you want to renew.  Renewing a credential generally requires two
              certificate-based  authentications.   The  client  authenticates
              with its identity, using the credential in the standard location
              or  specified  by  the  X509_USER_PROXY  or  X509_USER_CERT  and
              X509_USER_KEY   environment    variables    in    addition    to
              authenticating  with  the  existing  credential, in the location
              specified by this option, that it wants to renew.

       -k name, --credname name
              Specifies the name of the credential that is to be retrieved  or

       -S, --stdin_pass
              By  default,  the command prompts for a passphrase and reads the
              passphrase from the active tty.  When running the  command  non-
              interactively,  there may be no associated tty.  Specifying this
              option tells the command to read passphrases from standard input
              without prompts or confirmation.

       -n, --no_passphrase
              Don't prompt for a credential passphrase.  Use other methods for
              authentication, such as Kerberos ticket  or  X.509  certificate.
              This  option is implied by -a since passphrase authentication is
              not used for credential renewal.

       -T, --trustroots
              Retrieve CA certificates directory from server (if available) to
              store in the location specified by the X509_CERT_DIR environment
              variable if set or /etc/grid-security/certificates if running as
              root or ~/.globus/certificates if running as non-root.

       -b, --bootstrap
              Unless  this  option  is  specified,  then  if the X509_CERT_DIR
              exists and the CA that signed the myproxy-server(8)  certificate
              is  not  trusted,  myproxy-logon  will  fail  with  an error, to
              protect against man-in-the-middle attacks.   If,  however,  this
              option  is  specified,  myproxy-logon  will  accept  the  CA  to
              bootstrap trust.  This option implies -T.

       -q, --quiet
              Only write output messages on error.

       -N, --no_credentials
              Authenticate only.  Don't retrieve credentials.

       -m voms, --voms voms
              Add VOMS attributes to the credential by running voms-proxy-init
              on  the  client-side  after  retrieving  the credential from the
              myproxy-server(8).  The  VOMS  VO  name  must  be  provided,  as
              required  by voms-proxy-init -voms.  The voms-proxy-init command
              must also be installed and configured to use this  option.   For
              example,  the  VOMS_USERCONF environment variable may need to be
              set for voms-proxy-init to run correctly.

       -Q file, --certreq file
              Specify the path to a PEM formatted certificate request  to  use
              when requesting a certificate from the myproxy-server(8), rather
              than allowing myproxy-logon to  generate  the  private  key  and
              certificate  request  itself.   In this case, myproxy-logon will
              not output a  private  key  but  will  only  output  the  signed
              certificate  and  (as  needed)  certificate  chain.  To read the
              certificate request from standard input rather than from a file,
              use -Q -.


       0 on success, >0 on error


              This  client  will,  by default, perform a reverse-DNS lookup to
              determine the  FQHN  (Fully  Qualified  Host  Name)  to  use  in
              verifying  the  identity  of  the  server  by  checking the FQHN
              against the CN in server's certificate.  Setting  this  variable
              to  STRICT_RFC2818  will  cause the reverse-DNS lookup to NOT be
              performed and the user-specified name to be used instead.   This
              variable setting will be ignored if MYPROXY_SERVER_DN (described
              later) is set.

              Specifies  the  hostname(s)  where  the   myproxy-server(8)   is
              running.   Multiple  hostnames  can  be  specified  in  a  comma
              separated list with each hostname optionally followed by  a  ':'
              and port number.  This environment variable can be used in place
              of the -s option.

              Specifies the port where the myproxy-server(8) is running.  This
              environment variable can be used in place of the -p option.

              Specifies  the distinguished name (DN) of the myproxy-server(8).
              All MyProxy client programs authenticate the server's  identity.
              By  default,  MyProxy  servers run with host credentials, so the
              MyProxy  client  programs  expect   the   server   to   have   a
              distinguished      name      with      "/CN=host/<fqhn>"      or
              "/CN=myproxy/<fqhn>" or "/CN=<fqhn>" (where <fqhn> is the fully-
              qualified  hostname  of  the  server).  If the server is running
              with some other DN, you can set  this  environment  variable  to
              tell  the MyProxy clients to accept the alternative DN. Also see

              Specifies a range of valid port numbers in  the  form  "min,max"
              for the client side of the network connection to the server.  By
              default, the client will bind to any available port.   Use  this
              environment  variable  to  restrict  the  ports  used to a range
              allowed by your firewall.  If unset,  MyProxy  will  follow  the
              setting of the GLOBUS_TCP_PORT_RANGE environment variable.

              Specifies a non-standard location for the certificate to be used
              for authentication to the myproxy-server(8).

              Specifies a non-standard location for the private key to be used
              for authentication to the myproxy-server(8).

              Specifies a non-standard location for the proxy credential to be
              used  for  authentication  to   the   myproxy-server(8).    Also
              specifies  the  output  location  for the proxy credential to be
              retrieved from the myproxy-server(8) unless  the  -o  option  is

              Specifies  a  non-standard  location  for  the  CA  certificates

              Specifies the size  for  RSA  keys  generated  by  MyProxy.   By
              default,   MyProxy  generates  2048  bit  RSA  keys.   Set  this
              environment variable to "1024" for 1024 bit RSA keys.


       See for the list of MyProxy authors.


       myproxy-change-pass-phrase(1),     myproxy-destroy(1),     myproxy-get-
       trustroots(1),  myproxy-info(1),  myproxy-init(1), myproxy-retrieve(1),
       myproxy-server.config(5),  myproxy-store(1),  myproxy-admin-adduser(8),
       myproxy-admin-change-pass(8),         myproxy-admin-load-credential(8),
       myproxy-admin-query(8), myproxy-server(8)