Provided by: myproxy_5.5-1_i386 bug

NAME

       myproxy-store - store end-entity credential for later retrieval

SYNOPSIS

       myproxy-store [ options ]

DESCRIPTION

       The  myproxy-store  command uploads a credential to a myproxy-server(8)
       for later retrieval.  The user must have a valid  proxy  credential  as
       generated  by  grid-proxy-init  or  retrieved  by myproxy-logon(1) when
       running this command.  Unlike myproxy-init(1), this  command  transfers
       the  private  key  over  the  network (over a private channel).  In the
       default  mode,  the  command  will  take  the  credentials   found   in
       ~/.globus/usercert.pem  and ~/.globus/userkey.pem and store them in the
       myproxy-server(8) repository.  Proxy credentials with default  lifetime
       of  12  hours  can  then  be  retrieved  by  myproxy-logon(1) using the
       credential passphrase.  The  default  behavior  can  be  overridden  by
       options specified below.

       The  hostname  where the myproxy-server(8) is running must be specified
       by either defining the MYPROXY_SERVER environment variable  or  the  -s
       option.

OPTIONS

       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies  the  hostname(s)  of the myproxy-server(s).  Multiple
              hostnames, each hostname optionally followed by a ':'  and  port
              number, may be specified in a comma-separated list.  This option
              is required if the MYPROXY_SERVER environment  variable  is  not
              defined.  If specified, this option overrides the MYPROXY_SERVER
              environment variable. If a  port  number  is  specified  with  a
              hostname,  it  will  override  the  -p  option  as  well  as the
              MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies  the  TCP  port  number  of   the   myproxy-server(8).
              Default:   7512   If   specified,   this  option  overrides  the
              MYPROXY_SERVER_PORT environment variable.

       -l username, --username username
              Specifies the MyProxy account under which the credential  should
              be  stored.   By  default,  the  command  uses  the value of the
              LOGNAME environment variable.  Use  this  option  to  specify  a
              different  account  username on the MyProxy server.  The MyProxy
              username need not correspond to a real Unix username.

       -c filename, --certfile filename
              Specifies  the  filename  of  the source certificate.

       -y filename, --keyfile filename
              Specifies the filename of the source private key.

       -t hours, --proxy_lifetime hours
              Specifies the maximum lifetime of credentials retrieved from the
              myproxy-server(8)  using  the  stored  credential.   Default: 12
              hours

       -d, --dn_as_username
              Use the  certificate  subject  (DN)  as  the  default  username,
              instead of the LOGNAME environment variable.

       -a, --allow_anonymous_retrievers
              Allow   credentials  to  be  retrieved  with  just  pass  phrase
              authentication.  By default, only entities with credentials that
              match  the myproxy-server.config(5) default retriever policy may
              retrieve  credentials.   This  option  allows  entities  without
              existing  credentials to retrieve a credential using pass phrase
              authentication by including "anonymous" in the  set  of  allowed
              retrievers.   The  myproxy-server.config(5)  server-wide  policy
              must also allow "anonymous" clients for this option to  have  an
              effect.

       -A, --allow_anonymous_renewers
              Allow  credentials to be renewed by any client.  Any client with
              a valid credential with a subject name that matches  the  stored
              credential  may  retrieve  a  new  credential  from  the MyProxy
              repository if this option  is  given.   Since  this  effectively
              defeats  the  purpose  of  proxy credential lifetimes, it is not
              recommended.  It is included only for sake of completeness.

       -r name, --retrievable_by name
              Allow the specified entity to retrieve credentials.  See -x  and
              -X options for controlling name matching behavior.

       -E name, --retrieve_key name
              Allow  the  specified entity to retrieve end-entity credentials.
              See -x and -X options for controlling name matching behavior.

       -R name, --renewable_by name
              Allow the specified entity to renew credentials.  See -x and  -X
              options for controlling name matching behavior.

       -Z name, --retrievable_by_cert name
              Allow  the  specified  entity  to retrieve credentials without a
              passphrase.  See -x and -X options for controlling name matching
              behavior.

       -x, --regex_dn_match
              Specifies that names used with following options -r, -E, -R, and
              -Z  will  be  matched  against  the  full  certificate   subject
              distinguished  name  (DN)  according  to  REGULAR EXPRESSIONS in
              myproxy-server.config(5).

       -X, --match_cn_only
              Specifies that names used with following options -r, -E, -R, and
              -Z  will  be matched against the certificate subject common name
              (CN)   according   to   REGULAR    EXPRESSIONS    in    myproxy-
              server.config(5).   For  example,  if  an  argument  of  -r "Jim
              Basney"  is  specified,  then  the  resulting  policy  will   be
              "*/CN=Jim Basney".  This is the default behavior.

       -k name, --credname name
              Specifies the credential name.

       -K description, --creddesc description
              Specifies credential description.

       EXIT STATUS
              0 on success, >0 on error

FILES

       ~/.globus/usercert.pem
              Default location of the certificate to be stored on the myproxy-
              server.  Use the --certfile option to override.

       ~/.globus/userkey.pem
              Default location of the private key to be stored on the myproxy-
              server.  Use the --keyfile option to override.

       -T, --trustroots
              Retrieve CA certificates directory from server (if available) to
              store in the location specified by the X509_CERT_DIR environment
              variable if set or /etc/grid-security/certificates if running as
              root or ~/.globus/certificates if running as non-root.

ENVIRONMENT

       GLOBUS_GSSAPI_NAME_COMPATIBILITY
              This client will, by default, perform a  reverse-DNS  lookup  to
              determine  the  FQHN  (Fully  Qualified  Host  Name)  to  use in
              verifying the identity  of  the  server  by  checking  the  FQHN
              against  the  CN in server's certificate.  Setting this variable
              to STRICT_RFC2818 will cause the reverse-DNS lookup  to  NOT  be
              performed  and the user-specified name to be used instead.  This
              variable setting will be ignored if MYPROXY_SERVER_DN (described
              later) is set.

       MYPROXY_SERVER
              Specifies   the   hostname(s)  where  the  myproxy-server(8)  is
              running.  Multiple  hostnames  can  be  specified  in  a   comma
              separated  list  with each hostname optionally followed by a ':'
              and port number.  This environment variable can be used in place
              of the -s option.

       MYPROXY_SERVER_PORT
              Specifies the port where the myproxy-server(8) is running.  This
              environment variable can be used in place of the -p option.

       MYPROXY_SERVER_DN
              Specifies the distinguished name (DN) of the  myproxy-server(8).
              All  MyProxy client programs authenticate the server's identity.
              By default, MyProxy servers run with host  credentials,  so  the
              MyProxy   client   programs   expect   the   server  to  have  a
              distinguished      name      with      "/CN=host/<fqhn>"      or
              "/CN=myproxy/<fqhn>" or "/CN=<fqhn>" (where <fqhn> is the fully-
              qualified hostname of the server).  If  the  server  is  running
              with  some  other  DN,  you can set this environment variable to
              tell the MyProxy clients to accept the alternative DN. Also  see
              GLOBUS_GSSAPI_NAME_COMPATIBILITY above.

       MYPROXY_TCP_PORT_RANGE
              Specifies  a  range  of valid port numbers in the form "min,max"
              for the client side of the network connection to the server.  By
              default,  the  client will bind to any available port.  Use this
              environment variable to restrict  the  ports  used  to  a  range
              allowed  by  your  firewall.   If unset, MyProxy will follow the
              setting of the GLOBUS_TCP_PORT_RANGE environment variable.

       X509_USER_CERT
              Specifies a non-standard location for the certificate to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location for the certificate to be stored unless the  -c  option
              is given.

       X509_USER_KEY
              Specifies a non-standard location for the private key to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location  for  the private key to be stored unless the -y option
              is given.

       X509_USER_PROXY
              Specifies a non-standard location for the proxy credential to be
              used for authentication to the myproxy-server(8).

       X509_CERT_DIR
              Specifies  a  non-standard  location  for  the  CA  certificates
              directory.

AUTHORS

       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.

SEE ALSO

       myproxy-change-pass-phrase(1),     myproxy-destroy(1),     myproxy-get-
       trustroots(1),  myproxy-info(1), myproxy-logon(1), myproxy-retrieve(1),
       myproxy-server.config(5),   myproxy-admin-adduser(8),    myproxy-admin-
       change-pass(8),     myproxy-admin-load-credential(8),    myproxy-admin-
       query(8), myproxy-server(8) myproxy-retrieve(1)