Provided by: voms-server_2.1.0~rc2-2_amd64
voms - VOMS server
voms [-foreground] [-port port] [-backlog pnum] [-logfile file] [-globusid id] [-globuspwd file] [-passfile file] [-x509_cert_dir path] [-x509_cert_file file] [-x509_user_cert file] [-x509_user_key file] [-x509_user_proxy file] [-dbname name] [-username name] [-vo name] [-timeout limit] [-test] [-conf file] [-uri uri] [-version] [-code c] [-loglevel lev] [-logtype type] [-logformat str] [-logdateformat str] [-debug] [-sqlloc path] [-compat] [-socktimeout num] [-logmax num] [-newformat] [-skipcacheck] [-help] [-usage] [-globus version] [-contactstring contact] [-mysql-port port] [-mysql-socket socket] [-shortfqans] [-syslog] [-base64] [-nologfile]
VOMS - Virtual Organization Membership Service. For the initial setup of the server, run the voms_install_db script as root.
Options may be specified indifferently with either a "-" or "--" prefix. Their meaning is the following. -help -usage These options print a list of options that the server accepts. They are synonyms. -foreground Runs part of the server in foreground. Easier debugging. -port port Listens on port port. The default is 754. -backlog num Sets the maximum backlof for the connections. The default is 50. -logfile file Selects the file for logging. The default is /ver/log/voms. -globusid id -globuspwd file This options are supported for backwards compatibility only. They have no effect, and indeed do not get listed by the -help option. -passfile file Reads the password to access the DB from file. The default is to read it from the console during server´s startup. -x509_cert_dir path -x509_cert_file file -x509_user_cert file -x509_user_key file -x509_user_proxy file These options set the respective variables. -dbname name Sets the name of the DB. Default voms. -username name Sets the name of the user for the DB login. The default is voms. -vo name Sets the name of the VO that owns this server. The default is unspecified. -timeout limit Sets the length of time that the information is valid, measured in secods. The default is 86400 seconds (24 hours). -test Prints information about the server startup and then exits. -conf file Reads option from the file file. The options must be present one per line in the format -option[=value] where the value part must obviously be present only if it is required. -uri uri Defines the uri of the server that will be included in the generated pseudo certificate. The default value is hostname:port -version Prints information about the server and then exits. -code c -globus version These option are obsolete and only present for backwards compatibility with old installation. Currently, their values are ignored. Do not specify them in new installations. -logtype type Sets the type of messages that will be loggged. Acceptable values are: • 1 - STARTUP, print startup messages. • 2 - REQUEST, print messages during the request interpretation phase. • 4 - RESULT, print messages during the result sending phase. This values can be ORed together to indicate that all the corresponding types of messages are required. The default values is 255. -loglevel lev Sets the level of verbosity of log messages. Acceptable values are: • 1 - LEV_NONE, do not log anything. • 2 - LEV_ERROR, the default, logs only error conditions. • 3 - LEV_WARNINGS, logs also warning messages. • 4 - LEV_INFO, logs also general informational messages. • 5 - LEV_DEBUG, logs also a lot of debug messages. Setting this level of verbosity overwrites the value of the -logtype option to 255. Higher values include all messages printed by lower ones, and values not documented here are translated as the highest level possible, LEV_DEBUG -logformat str Sets the format used by the loggin system according toa printf-like format string with the following directives format: \%[size][char] where size, if present, sets the maximum length of the field and char selects the type of substitution done. Possible values are the following: • % - Substitutes a plain ´%´. • d - Substitutes the date. The date format is specified by the -logdateformat option. • f - Substitutes the name of the source file that logs the message. • F - Substitutes the name of the function that logs the message. • h - Substitutes the hostname of the machine hosting the service. • l - Substitutes the line number that logs the message. • m - Substitutes the message proper. • p - Substitutes the process´ pid. • s - Substitutes the service name ("vomsd"). • t - Substitutes the number of the message type. (see the -logtype option) • T - Substitutes the name of the message type. (see the -logtype option) • v - Substitutes the number of the message level. (see the -loglevel option) • V - Substitutes the name of the message level. (see the -loglevel option) The default value for this options is: "%d:%h:%s(%p):%V:%T:%F (%f:%l):%m" -logdateformat str This option sets the format used to print the date. The format is the same used by the strftime(3) function, and its default value is: "%c". -debug This option puts the server into debug mode. This mode automatically implies -loglevel 5. Also, this option hurts scalability and is not suggested in a production environment -sqlloc /path/file This option specifies the full path for the DB access library. Please note that there is no default for this option! -socktimeout num This option sets the amount of time, in seconds, after which the server will drop an inactive connection. The default is 60 seconds. -maxlog num This options sets the maximum size of a log file. Please note that this size is approximate, and may be exceeded by a few thousand bytes. In any case, when the specified amount is surpassed, logfiles are rotated. The default is 10Mb -newformat This forces the server to generate ACs in the new (correct) format. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version. -skipcacheck This option, if specified, forces voms to drop some of the checks done as the authorization step before AC creation. Specifically, voms will no longer be capable of distinguishing to certificates with the same DN but different issuers. For obvious reasons, use of this option is discouraged. Note also that activating this option requires a previous check by the voms server administrator that there are no certificates registered in the DB which the same DN and different issuers. If there are, the result of a voms-proxy-init command for one of those users will be unpredictable. -contactstring contact This string specifies information on how to contact the DB server. Its exact meaning depends on the DB backend used. For MySQL it is the hostname of the MySQL server, and it defaults to ´localhost´. For Oracle it is the contactstring of the DB. However, for oracle it is better to put what whould be the argument of this string into the ´tnsnames.ora´ file and ignore this option, -mysql-port port This option specified the port on which the MySQL server is listening if it is different from its 3306 default. This value is ignored for Oracle backends. -mysql-socket socket MySQL servers may be configured to allow access through a unix-level socket. This option allows to specify this method of contact. However, it is almost always better to contact the server through the port. This option is ignored for Oracle backends. -shortfqans This option instructs the server to always generate FQANs in their short form, i.e. without the /Role=NULL and /Capability=NULL parts. Successive server version will make this behaviour the default, and provide a -noshortfqans option to fallback to the longer format. Specifying this option is recommended. -syslog This option allows log messages to be sent to syslog. -base64 This option instructs the server to use the base64 encoding for its messages, rather than the in-house encoding. This option will be made the default in future versions and -nobase64 will be provided to fallback to the inhouse encoding. Specifying this option is recommended. -nologfile This option disables logging on the voms specific logfile. Please note that specifying this option without at the same time specifying -syslog implies that no logging will take place.
EGEE Bug Tracking Tool
voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1) EDT Auth Home page CVSweb RPM repository
Vincenzo Ciaschini Vincenzo.Ciaschini@cnaf.infn.it. Valerio Venturi Valerio.Venturi@cnaf.infn.it.
Copyright (c) Members of the EGEE Collaboration. 2004. See the beneficiaries list for details on the copyright holders. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
1. EGEE Bug Tracking Tool https://savannah.cern.ch/projects/jra1mdw/ 2. EDT Auth Home page http://grid-auth.infn.it 3. CVSweb http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms 4. RPM repository http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 5. www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0