Provided by: myproxy_5.5-1_i386 bug

NAME

       myproxy-retrieve - retrieve an end-entity credential

SYNOPSIS

       myproxy-retrieve [ options ]

DESCRIPTION

       The  myproxy-retrieve  command retrieves a credential directly from the
       myproxy-server(8) that was previously stored using  myproxy-init(1)  or
       myproxy-store(1).   Unlike myproxy-logon(1), this command transfers the
       private key  in  the  repository  over  the  network  (over  a  private
       channel).   To  obtain  a proxy credential, we recommend using myproxy-
       logon(1) instead.

       In the default mode, the command prompts for the pass phrase associated
       with the credential to be retrieved and stores the retrieved credential
       in    the    standard    location    (    ~/.globus/usercert.pem    and
       ~/.globus/userkey.pem).  You could then run grid-proxy-init to create a
       proxy credential from the retrieved credentials.

OPTIONS

       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies the hostname(s) of  the  myproxy-server(s).   Multiple
              hostnames,  each  hostname optionally followed by a ':' and port
              number, may be specified in a comma-separated list.  This option
              is  required  if  the MYPROXY_SERVER environment variable is not
              defined.  If specified, this option overrides the MYPROXY_SERVER
              environment  variable.  If  a  port  number  is specified with a
              hostname, it  will  override  the  -p  option  as  well  as  the
              MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies   the   TCP  port  number  of  the  myproxy-server(8).
              Default: 7512

       -l username, --username username
              Specifies the MyProxy account  under  which  the  credential  to
              retrieve  is  stored.  By default, the command uses the value of
              the LOGNAME environment variable.  Use this option to specify  a
              different  account  username on the MyProxy server.  The MyProxy
              username need not correspond to a real Unix username.

       -d, --dn_as_username
              Use the  certificate  subject  (DN)  as  the  default  username,
              instead of the LOGNAME environment variable.  When used with the
              -a  option,  the  certificate  subject  of   the   authorization
              credential  is  used.  Otherwise, the certificate subject of the
              default credential is used.

       -t hours, --proxy_lifetime hours
              Specifies  the  lifetime  of  credentials  retrieved  from   the
              myproxy-server(8)  using  the  stored credential.  The resulting
              lifetime is the  shorter  of  the  requested  lifetime  and  the
              lifetime specified when the credential was stored using myproxy-
              init(1).  Default: 12 hours

       -c filename, --certfile filename
              Specifies  the  filename  of  where  the   certificate  will  be
              stored.

       -y filename, --keyfile filename
              Specifies the filename of where the private  key will be stored.

       -a file, --authorization file
              Use  this  option  to specify an existing, valid credential that
              you want to renew.  Renewing a credential generally requires two
              certificate-based  authentications.   The  client  authenticates
              with its identity, using the credential in the standard location
              or   specified   by   X509_USER_PROXY   or   X509_USER_CERT  and
              X509_USER_KEY in addition to authenticating  with  the  existing
              credential,  in  the  location specified by this option, that it
              wants to renew.

       -k name, --credname name
              Specifies the name of the credential that is to be retrieved  or
              renewed.

       -S, --stdin_pass
              By  default,  the command prompts for a passphrase and reads the
              passphrase from the active tty.  When running the  command  non-
              interactively,  there may be no associated tty.  Specifying this
              option tells the command to read passphrases from standard input
              without prompts or confirmation.

       -T, --trustroots
              Retrieve CA certificates directory from server (if available) to
              store in the location specified by the X509_CERT_DIR environment
              variable if set or /etc/grid-security/certificates if running as
              root or ~/.globus/certificates if running as non-root.

       -n, --no_passphrase
              Don't prompt for a credential passphrase.  Use other methods for
              authentication, such as Kerberos ticket or X.509 certificate.

EXIT STATUS

       0 on success, >0 on error

ENVIRONMENT

       GLOBUS_GSSAPI_NAME_COMPATIBILITY
              This  client  will,  by default, perform a reverse-DNS lookup to
              determine the  FQHN  (Fully  Qualified  Host  Name)  to  use  in
              verifying  the  identity  of  the  server  by  checking the FQHN
              against the CN in server's certificate.  Setting  this  variable
              to  STRICT_RFC2818  will  cause the reverse-DNS lookup to NOT be
              performed and the user-specified name to be used instead.   This
              variable setting will be ignored if MYPROXY_SERVER_DN (described
              later) is set.

       MYPROXY_SERVER
              Specifies  the  hostname(s)  where  the   myproxy-server(8)   is
              running.   Multiple  hostnames  can  be  specified  in  a  comma
              separated list with each hostname optionally followed by  a  ':'
              and port number.  This environment variable can be used in place
              of the -s option.

       MYPROXY_SERVER_PORT
              Specifies the port where the myproxy-server(8) is running.  This
              environment variable can be used in place of the -p option.

       MYPROXY_SERVER_DN
              Specifies  the distinguished name (DN) of the myproxy-server(8).
              All MyProxy client programs authenticate the server's  identity.
              By  default,  MyProxy  servers run with host credentials, so the
              MyProxy  client  programs  expect   the   server   to   have   a
              distinguished      name      with      "/CN=host/<fqhn>"      or
              "/CN=myproxy/<fqhn>" or "/CN=<fqhn>" (where <fqhn> is the fully-
              qualified  hostname  of  the  server).  If the server is running
              with some other DN, you can set  this  environment  variable  to
              tell  the MyProxy clients to accept the alternative DN. Also see
              GLOBUS_GSSAPI_NAME_COMPATIBILITY above.

       MYPROXY_TCP_PORT_RANGE
              Specifies a range of valid port numbers in  the  form  "min,max"
              for the client side of the network connection to the server.  By
              default, the client will bind to any available port.   Use  this
              environment  variable  to  restrict  the  ports  used to a range
              allowed by your firewall.  If unset,  MyProxy  will  follow  the
              setting of the GLOBUS_TCP_PORT_RANGE environment variable.

       X509_USER_CERT
              Specifies a non-standard location for the certificate to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location  for  where  the  retrieved  certificate will be stored
              unless the -c option is given.

       X509_USER_KEY
              Specifies a non-standard location for the private key to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location for where the retrieved  private  key  will  be  stored
              unless the -y option is given.

       X509_USER_PROXY
              Specifies a non-standard location for the proxy credential to be
              used for authentication to the myproxy-server(8).

       X509_CERT_DIR
              Specifies  a  non-standard  location  for  the  CA  certificates
              directory.

AUTHORS

       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.

SEE ALSO

       myproxy-change-pass-phrase(1),     myproxy-destroy(1),     myproxy-get-
       trustroots(1),  myproxy-info(1),   myproxy-init(1),   myproxy-logon(1),
       myproxy-store(1),  myproxy-server.config(5),  myproxy-admin-adduser(8),
       myproxy-admin-change-pass(8),         myproxy-admin-load-credential(8),
       myproxy-admin-query(8), myproxy-server(8)