Provided by: myproxy_6.2.9-2_amd64

NAME

       myproxy-store - store end-entity credential for later retrieval

SYNOPSIS

       myproxy-store [ options ]

DESCRIPTION

       The myproxy-store command uploads a credential to a myproxy-server(8) for later retrieval.
       The user must have a valid proxy credential as generated by grid-proxy-init  or  retrieved
       by  myproxy-logon(1)  when  running  this  command.   Unlike myproxy-init(1), this command
       transfers the private key over the network (over a private channel).  In the default mode,
       the   command   will   take   the   credentials   found   in   ~/.globus/usercert.pem  and
       ~/.globus/userkey.pem  and  store  them  in  the  myproxy-server(8)   repository.    Proxy
       credentials  with  default  lifetime of 12 hours can then be retrieved by myproxy-logon(1)
       using the credential passphrase.  The  default  behavior  can  be  overridden  by  options
       specified below.

       The  hostname  where the myproxy-server(8) is running must be specified by either defining
       the MYPROXY_SERVER environment variable or the -s option.

OPTIONS

       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies the hostname(s)  of  the  myproxy-server(s).   Multiple  hostnames,  each
              hostname optionally followed by a ':' and port number, may be specified in a comma-
              separated list.  This option is required if the MYPROXY_SERVER environment variable
              is not defined.  If specified, this option overrides the MYPROXY_SERVER environment
              variable. If a port number is specified with a hostname, it will  override  the  -p
              option as well as the MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies the TCP port number of the myproxy-server(8).  Default: 7512.  If
              specified, this option overrides the MYPROXY_SERVER_PORT environment variable.

       -l username, --username username
              Specifies the MyProxy account under which the  credential  should  be  stored.   By
              default,  the command uses the value of the LOGNAME environment variable.  Use this
              option to specify a different account username on the MyProxy server.  The  MyProxy
              username need not correspond to a real Unix username.

       -c filename, --certfile filename
              Specifies  the  filename  of  the source certificate.

       -y filename, --keyfile filename
              Specifies the filename of the source private key.

       -t hours, --proxy_lifetime hours
              Specifies  the maximum lifetime of credentials retrieved from the myproxy-server(8)
              using the stored credential.  Default: 12 hours

       -d, --dn_as_username
              Use the certificate subject (DN) as the default username, instead  of  the  LOGNAME
              environment variable.

       -a, --allow_anonymous_retrievers
              Allow  credentials  to  be  retrieved  with  just  pass  phrase authentication.  By
              default, only entities with credentials  that  match  the  myproxy-server.config(5)
              default  retriever  policy  may  retrieve credentials.  This option allows entities
              without  existing  credentials  to  retrieve  a  credential   using   pass   phrase
              authentication  by  including  "anonymous"  in  the set of allowed retrievers.  The
              myproxy-server.config(5) server-wide policy must also allow "anonymous" clients for
              this option to have an effect.

       -A, --allow_anonymous_renewers
              Allow  credentials to be renewed by any client.  Any client with a valid credential
              with a subject  name  that  matches  the  stored  credential  may  retrieve  a  new
              credential  from  the  MyProxy  repository  if  this  option  is given.  Since this
              effectively  defeats  the  purpose  of  proxy  credential  lifetimes,  it  is   not
              recommended.  It is included only for the sake of completeness.

       -r name, --retrievable_by name
              Allow  the  specified  entity  to  retrieve credentials.  See -x and -X options for
              controlling name matching behavior.

       -E name, --retrieve_key name
              Allow the specified entity to retrieve  end-entity  credentials.   See  -x  and  -X
              options for controlling name matching behavior.

       -R name, --renewable_by name
              Allow  the  specified  entity  to  renew  credentials.   See  -x and -X options for
              controlling name matching behavior.

       -Z name, --retrievable_by_cert name
              Allow the specified entity to retrieve credentials without a  passphrase.   See  -x
              and -X options for controlling name matching behavior.

       -x, --regex_dn_match
              Specifies that names used with the -r, -E, -R, and -Z options that follow will be matched
              against the full certificate subject distinguished name (DN) according  to  REGULAR
              EXPRESSIONS in myproxy-server.config(5).

       -X, --match_cn_only
              Specifies that names used with the -r, -E, -R, and -Z options that follow will be matched
              against the certificate subject common name (CN) according to  REGULAR  EXPRESSIONS
              in  myproxy-server.config(5).   For  example,  if an argument of -r "Jim Basney" is
              specified, then the resulting policy  will  be  "*/CN=Jim  Basney".   This  is  the
              default behavior.

       -k name, --credname name
              Specifies the credential name.

       -K description, --creddesc description
              Specifies credential description.

       -T, --trustroots
              Retrieve CA certificates directory from server (if available) to store in the
              location specified by the X509_CERT_DIR environment variable if set or
              /etc/grid-security/certificates if running as root or ~/.globus/certificates
              if running as non-root.

EXIT STATUS

       0 on success, >0 on error

FILES

       ~/.globus/usercert.pem
              Default  location  of  the certificate to be stored on the myproxy-server.  Use the
              --certfile option to override.

       ~/.globus/userkey.pem
              Default location of the private key to be stored on the  myproxy-server.   Use  the
              --keyfile option to override.
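
       The retrieval and renewal options in OPTIONS decide who can later obtain credentials
       from the stored key, and -x and -X change how the names that follow them are matched.
       The script below is an added example, not part of MyProxy: it lists what a planned
       argument list would grant. MAX_HOURS and the sample names are assumptions.

```shell
#!/bin/sh
# Added example, not part of MyProxy: show what a planned myproxy-store
# argument list would grant before the private key leaves the machine.
# MAX_HOURS is a hypothetical site limit, not a MyProxy setting.
MAX_HOURS=${MAX_HOURS:-12}

# Prints one GRANT/FLAG line per finding; returns 1 if anything is flagged.
audit_store_args() {
    mode=cn; flagged=0                  # -X (CN-only matching) is the default
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case $opt in
        -x|--regex_dn_match) mode=dn ;; # applies to the names that follow
        -X|--match_cn_only)  mode=cn ;;
        -a|--allow_anonymous_retrievers)
            echo "FLAG $opt: pass phrase alone is enough to retrieve"; flagged=1 ;;
        -A|--allow_anonymous_renewers)
            echo "FLAG $opt: any client with a matching subject can renew"; flagged=1 ;;
        -r|--retrievable_by|-R|--renewable_by|-E|--retrieve_key|-Z|--retrievable_by_cert)
            if [ $# -eq 0 ]; then echo "FLAG $opt: missing name"; return 1; fi
            name=$1; shift
            # CN-only mode yields the policy */CN=<name>; with -x the name
            # is matched as given against the full subject DN.
            if [ "$mode" = cn ]; then name="*/CN=$name"; fi
            case $opt in
            -Z|--retrievable_by_cert)
                echo "FLAG $opt $name: retrieval without a passphrase"; flagged=1 ;;
            -E|--retrieve_key)
                echo "FLAG $opt $name: may retrieve the end-entity credential"; flagged=1 ;;
            *)  echo "GRANT $opt $name" ;;
            esac ;;
        -t|--proxy_lifetime)
            if [ "${1:-0}" -gt "$MAX_HOURS" ] 2>/dev/null; then
                echo "FLAG $opt $1: exceeds the site limit of $MAX_HOURS hours"; flagged=1
            fi
            if [ $# -gt 0 ]; then shift; fi ;;
        -s|--pshost|-p|--psport|-l|--username|-c|--certfile|-y|--keyfile|-k|--credname|-K|--creddesc)
            if [ $# -gt 0 ]; then shift; fi ;;   # skip the option's argument
        esac
    done
    return "$flagged"
}

# Constructed sample invocation (names and host are made up).
audit_store_args -s myproxy.example.org -r "Jim Basney" -x \
    -R "/C=US/O=Example/CN=renewer" -A -t 168 || true
```

       Pass the same arguments you intend to give myproxy-store; a non-zero return means at
       least one option widens access beyond the defaults described above.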

ENVIRONMENT

       GLOBUS_GSSAPI_NAME_COMPATIBILITY
              This client will, by default, perform a reverse-DNS lookup to  determine  the  FQHN
              (Fully  Qualified  Host  Name)  to  use  in verifying the identity of the server by
              checking the FQHN against the CN in the server's certificate.  Setting this variable to
              STRICT_RFC2818  will cause the reverse-DNS lookup to NOT be performed and the user-
              specified name to be used instead.   This  variable  setting  will  be  ignored  if
              MYPROXY_SERVER_DN (described later) is set.

       MYPROXY_SERVER
              Specifies   the  hostname(s)  where  the  myproxy-server(8)  is  running.  Multiple
              hostnames can be specified in a comma-separated list with each hostname  optionally
              followed  by a ':' and port number.  This environment variable can be used in place
              of the -s option.

       MYPROXY_SERVER_PORT
              Specifies the port  where  the  myproxy-server(8)  is  running.   This  environment
              variable can be used in place of the -p option.

       MYPROXY_SERVER_DN
              Specifies the distinguished name (DN) of the myproxy-server(8).  All MyProxy client
              programs authenticate the server's identity.  By default, MyProxy servers run  with
              host  credentials,  so  the  MyProxy  client  programs  expect the server to have a
              distinguished name with "/CN=host/<fqhn>" or "/CN=myproxy/<fqhn>"  or  "/CN=<fqhn>"
              (where  <fqhn>  is  the  fully-qualified hostname of the server).  If the server is
              running with some other DN, you can set  this  environment  variable  to  tell  the
              MyProxy     clients     to     accept     the     alternative    DN.    Also    see
              GLOBUS_GSSAPI_NAME_COMPATIBILITY above.

       MYPROXY_TCP_PORT_RANGE
              Specifies a range of valid port numbers in the form "min,max" for the  client  side
              of  the  network connection to the server.  By default, the client will bind to any
              available port.  Use this environment variable to restrict  the  ports  used  to  a
              range  allowed  by your firewall.  If unset, MyProxy will follow the setting of the
              GLOBUS_TCP_PORT_RANGE environment variable.

       X509_USER_CERT
              Specifies a non-standard location for the certificate to be used for authentication
              to  the  myproxy-server(8).   Also specifies the location for the certificate to be
              stored unless the -c option is given.

       X509_USER_KEY
              Specifies a non-standard location for the private key to be used for authentication
              to  the  myproxy-server(8).   Also specifies the location for the private key to be
              stored unless the -y option is given.

       X509_USER_PROXY
              Specifies a  non-standard  location  for  the  proxy  credential  to  be  used  for
              authentication to the myproxy-server(8).

       X509_CERT_DIR
              Specifies a non-standard location for the CA certificates directory.
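
       Because this command sends the private key to the server, it helps to know exactly
       which host and port a given combination of -s, -p, MYPROXY_SERVER and
       MYPROXY_SERVER_PORT selects. The function below is an added example, not MyProxy code;
       it assumes a port inside MYPROXY_SERVER takes precedence for its host the same way a
       port inside -s does, and the host names are made up.

```shell
#!/bin/sh
# Added example, not MyProxy code: resolve the host:port pairs a
# myproxy-store call would contact, following the precedence in this page.
# Assumption: a port written inside MYPROXY_SERVER wins for its host, as a
# port inside -s does. IPv6 literals are not handled.

# usage: resolve_endpoints "<-s value or empty>" "<-p value or empty>"
resolve_endpoints() {
    s_opt=$1; p_opt=$2; rc=0
    hosts=${s_opt:-${MYPROXY_SERVER:-}}          # -s overrides MYPROXY_SERVER
    port=${p_opt:-${MYPROXY_SERVER_PORT:-7512}}  # -p overrides the variable
    if [ -z "$hosts" ]; then
        echo "error: set MYPROXY_SERVER or pass -s" >&2
        return 1
    fi
    old_ifs=$IFS; IFS=,; set -f                  # split on commas, no globbing
    for entry in $hosts; do
        host=${entry%%:*}
        case $entry in
        *:*) p=${entry#*:} ;;                    # per-host port wins
        *)   p=$port ;;
        esac
        case $p in
        ''|*[!0-9]*|??????*) p=0 ;;              # not a plausible port number
        esac
        if [ -z "$host" ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "error: bad server entry '$entry'" >&2
            rc=1
            continue
        fi
        echo "$host:$p"
    done
    set +f; IFS=$old_ifs
    return "$rc"
}

# Constructed sample: -s with one bare host and one host:port, plus -p 7513.
resolve_endpoints "a.example.org,b.example.org:9000" 7513 || true
```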

AUTHORS

       See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors.

SEE ALSO

       myproxy-change-pass-phrase(1), myproxy-destroy(1), myproxy-get-trustroots(1),
       myproxy-info(1), myproxy-logon(1), myproxy-retrieve(1), myproxy-server.config(5),
       myproxy-admin-adduser(8), myproxy-admin-change-pass(8),
       myproxy-admin-load-credential(8), myproxy-admin-query(8), myproxy-server(8)