Ubuntu manuals

Provided by: myproxy-admin_5.5-1_i386

NAME

       myproxy-admin-adduser - add a user or service credential

SYNOPSIS

       myproxy-admin-adduser [ options ]

       myproxy-admin-addservice [ options ]

DESCRIPTION

       The  myproxy-admin-adduser and myproxy-admin-addservice commands create
       a new credential for a user or service and load  it  into  the  MyProxy
       repository.   They  are  perl(1)  scripts that run grid-cert-request (a
       standard Globus Toolkit program)  and  grid-ca-sign  (from  the  Globus
       Simple CA package) to create the credential and then run myproxy-admin-
       load-credential(8) to load the credential into the MyProxy repository.

       The command prompts for the common name  to  be  included  in  the  new
       certificate (if the -c argument is not specified), the Globus Simple CA
       key password for signing the certificate, the MyProxy username (if  the
       -l  or  -d arguments are not specified), and the MyProxy passphrase for
       the credential.  Most of the command-line options for this command  are
       passed directly to the myproxy-admin-load-credential(8) command.

       The  grid-ca-sign  program is not provided in the MyProxy distribution.
       It must be installed separately, from the Globus Simple CA package.

OPTIONS

       -h     Displays command usage text and exits.

       -u     Displays command usage text and exits.

       -v     Enables verbose debugging output to the terminal.

       -c cn  Specifies the Common Name for the new credential  (for  example:
              "Jim Basney").

       -s dir Specifies the location of the credential storage directory.  The
              directory must be  accessible  only  by  the  user  running  the
              myproxy-server   process   for   security   reasons.    Default:
              /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy

       -l username
              Specifies the MyProxy account under which the credential  should
              be stored.

       -t hours
              Specifies the maximum lifetime of credentials retrieved from the
              myproxy-server(8) using  the  stored  credential.   Default:  12
              hours

       -p CA-password
              Specifies the password for the CA's private key using the format
              documented in the PASS PHRASE ARGUMENTS section of openssl(1).

       -n     Disables passphrase authentication for  the  stored  credential.
              If  specified, the command will not prompt for a passphrase, the
              credential  will  not  be  encrypted  by  a  passphrase  in  the
              repository,  and  the  credential  will not be retrievable using
              passphrase authentication with myproxy-logon(1).  This option is
              used for storing renewable credentials and is implied by -R.

       -d     Use the certificate subject (DN) as the username.

       -a     Allow   credentials  to  be  retrieved  with  just  pass  phrase
              authentication.  By default, only entities with credentials that
              match  the myproxy-server.config(5) default retriever policy may
              retrieve  credentials.   This  option  allows  entities  without
              existing  credentials to retrieve a credential using pass phrase
              authentication by including "anonymous" in the  set  of  allowed
              retrievers.   The  myproxy-server.config(5)  server-wide  policy
              must also allow "anonymous" clients for this option to  have  an
              effect.

       -A     Allow  credentials to be renewed by any client.  Any client with
              a valid credential with a subject name that matches  the  stored
              credential  may  retrieve  a  new  credential  from  the MyProxy
              repository if this option  is  given.   Since  this  effectively
              defeats  the  purpose  of  proxy credential lifetimes, it is not
              recommended.  It is included only for sake of completeness.

       -r name
              Allow the specified entity to retrieve credentials. See  -x  and
              -X options for controlling name matching behavior.

       -R name
              Allow  the  specified entity to renew credentials. See -x and -X
              options for controlling name  matching  behavior.   This  option
              implies  -n  since  passphrase  authentication  is  not used for
              credential renewal.

       -Z name, --retrievable_by_cert name
              Allow the specified entity to  retrieve  credentials  without  a
              passphrase.  See -x and -X options for controlling name matching
              behavior.  This option implies -n.

       -x     Specifies that names used with following options -r, -R, and  -Z
              will   be   matched   against   the   full  certificate  subject
              distinguished name (DN)  according  to  REGULAR  EXPRESSIONS  in
              myproxy-server.config(5).

       -X     Specifies  that names used with following options -r, -R, and -Z
              will be matched against the certificate subject common name (CN)
              according  to  REGULAR  EXPRESSIONS in myproxy-server.config(5).
              For example, if an argument of -r  "Jim  Basney"  is  specified,
              then  the  resulting  policy will be "*/CN=Jim Basney".  This is
              the default behavior.

       -k name
              Specifies the credential name.

       -K description
              Specifies credential description.

EXIT STATUS

       0 on success, >0 on error

AUTHORS

       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.

SEE ALSO

       myproxy-change-pass-phrase(1),   myproxy-destroy(1),   myproxy-info(1),
       myproxy-init(1),    myproxy-logon(1),   myproxy-retrieve(1),   myproxy-
       store(1),    myproxy-server.config(5),    myproxy-admin-change-pass(8),
       myproxy-admin-load-credential(8),    myproxy-admin-query(8),   myproxy-
       server(8)