jammy (1) myproxy-get-trustroots.1.gz

Provided by: myproxy_6.2.9-2_amd64 bug

NAME

       myproxy-get-trustroots - fetch trustroots from a myproxy-server

SYNOPSIS

       myproxy-get-trustroots [ options ]

DESCRIPTION

       The  myproxy-get-trustroots  command  retrieves the trusted certificates from the myproxy-
       server(8) and stores them in the  location  specified  by  the  X509_CERT_DIR  environment
       variable   if   set   or   /etc/grid-security/certificates   if   running   as   root   or
       ~/.globus/certificates if running as non-root.

       An  example  cron  job  for  running  myproxy-get-trustroots  periodically  to  keep   the
       X509_CERT_DIR   up-to-date   is  provided  at  $GLOBUS_LOCATION/share/myproxy/myproxy-get-
       trustroots.cron.

OPTIONS

       -b, --bootstrap
              Unless this option is specified, then if the X509_CERT_DIR exists and the  CA  that
              signed  the  myproxy-server(8)  certificate  is not trusted, myproxy-get-trustroots
              will fail with  an  error,  to  protect  against  man-in-the-middle  attacks.   If,
              however,  this  option  is  specified, myproxy-get-trustroots will accept the CA to
              bootstrap trust.

       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies the hostname(s)  of  the  myproxy-server(s).   Multiple  hostnames,  each
              hostname optionally followed by a ':' and port number, may be specified in a comma-
              separated list.  This option is required if the MYPROXY_SERVER environment variable
              is not defined.  If specified, this option overrides the MYPROXY_SERVER environment
              variable. If a port number is specified with a hostname, it will  override  the  -p
              option as well as the MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies the TCP port number of the myproxy-server(8).  Default: 7512

       -q, --quiet
              Only write output messages on error.

ENVIRONMENT

       GLOBUS_GSSAPI_NAME_COMPATIBILITY
              This  client  will,  by default, perform a reverse-DNS lookup to determine the FQHN
              (Fully Qualified Host Name) to use in verifying  the  identity  of  the  server  by
              checking the FQHN against the CN in server's certificate.  Setting this variable to
              STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be performed and the  user-
              specified  name  to  be  used  instead.   This  variable setting will be ignored if
              MYPROXY_SERVER_DN (described later) is set.

       MYPROXY_SERVER
              Specifies  the  hostname(s)  where  the  myproxy-server(8)  is  running.   Multiple
              hostnames  can be specified in a comma separated list with each hostname optionally
              followed by a ':' and port number.  This environment variable can be used in  place
              of the -s option.

       MYPROXY_SERVER_PORT
              Specifies  the  port  where  the  myproxy-server(8)  is  running.  This environment
              variable can be used in place of the -p option.

       MYPROXY_SERVER_DN
              Specifies the distinguished name (DN) of the myproxy-server(8).  All MyProxy client
              programs  authenticate the server's identity.  By default, MyProxy servers run with
              host credentials, so the MyProxy client  programs  expect  the  server  to  have  a
              distinguished  name  with "/CN=host/<fqhn>" or "/CN=myproxy/<fqhn>" or "/CN=<fqhn>"
              (where <fqhn> is the fully-qualified hostname of the server).   If  the  server  is
              running  with  some  other  DN,  you  can set this environment variable to tell the
              MyProxy    clients    to    accept     the     alternative     DN.     Also     see
              GLOBUS_GSSAPI_NAME_COMPATIBILITY above.

       MYPROXY_TCP_PORT_RANGE
              Specifies  a  range of valid port numbers in the form "min,max" for the client side
              of the network connection to the server.  By default, the client will bind  to  any
              available  port.   Use  this  environment  variable to restrict the ports used to a
              range allowed by your firewall.  If unset, MyProxy will follow the setting  of  the
              GLOBUS_TCP_PORT_RANGE environment variable.

       X509_USER_CERT
              Specifies a non-standard location for the certificate to be used for authentication
              to the myproxy-server(8).

       X509_USER_KEY
              Specifies a non-standard location for the private key to be used for authentication
              to the myproxy-server(8).

       X509_USER_PROXY
              Specifies  a  non-standard  location  for  the  proxy  credential  to  be  used for
              authentication to the myproxy-server(8).

       X509_CERT_DIR
              Specifies a non-standard location for the CA certificates directory.

AUTHORS

       See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors.

SEE ALSO

       myproxy-change-pass-phrase(1),   myproxy-destroy(1),   myproxy-info(1),   myproxy-init(1),
       myproxy-logon(1),    myproxy-retrieve(1),    myproxy-server.config(5),   myproxy-store(1),
       myproxy-admin-adduser(8), myproxy-admin-change-pass(8),  myproxy-admin-load-credential(8),
       myproxy-admin-query(8), myproxy-server(8)