oracular (8) myproxy-admin-addservice.8.gz

Provided by: myproxy-admin_6.2.16-3_amd64 bug

NAME

       myproxy-admin-adduser - add a user or service credential

SYNOPSIS

       myproxy-admin-adduser [ options ]

       myproxy-admin-addservice [ options ]

DESCRIPTION

       The  myproxy-admin-adduser  and  myproxy-admin-addservice commands create a new credential
       for a user or service and load it into the MyProxy repository.  They are  perl(1)  scripts
       that  run  grid-cert-request  (a standard Grid Community Toolkit program) and grid-ca-sign
       (from the Globus Simple CA package) to create the credential and then  run  myproxy-admin-
       load-credential(8) to load the credential into the MyProxy repository.

       The  command  prompts for the common name to be included in the new certificate (if the -c
       argument is not specified), the Globus Simple CA key password for signing the certificate,
       the  MyProxy  username  (if  the  -l  or  -d arguments are not specified), and the MyProxy
       passphrase for the credential.  Most of the command-line  options  for  this  command  are
       passed directly to the myproxy-admin-load-credential(8) command.

       The  grid-ca-sign  program  is  not  provided  in  the  MyProxy  distribution.  It must be
       installed separately, from the Globus Simple CA package.

OPTIONS

       -h     Displays command usage text and exits.

       -u     Displays command usage text and exits.

       -v     Enables verbose debugging output to the terminal.

       -c cn  Specifies the Common Name for the new credential (for example: "Jim Basney").

       -s dir Specifies the location of the credential storage directory.  The directory must  be
              accessible  only  by  the  user  running  the  myproxy-server  process for security
              reasons.  Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy

       -l username
              Specifies the MyProxy account under which the credential should be stored.

       -t hours
              Specifies the maximum lifetime of credentials retrieved from the  myproxy-server(8)
              using the stored credential.  Default: 12 hours

       -p CA-password
              Specifies  the password for the CA's private key using the format documented in the
              PASS PHRASE ARGUMENTS section of openssl(1).

       -n     Disables passphrase authentication for the stored credential.   If  specified,  the
              command will not prompt for a passphrase, the credential will not be encrypted by a
              passphrase in the repository, and the credential  will  not  be  retrievable  using
              passphrase  authentication  with myproxy-logon(1).  This option is used for storing
              renewable credentials and is implied by -R.

       -d     Use the certificate subject (DN) as the username.

       -a     Allow credentials to  be  retrieved  with  just  pass  phrase  authentication.   By
              default,  only  entities  with  credentials that match the myproxy-server.config(5)
              default retriever policy may retrieve credentials.   This  option  allows  entities
              without   existing   credentials   to  retrieve  a  credential  using  pass  phrase
              authentication by including "anonymous" in the  set  of  allowed  retrievers.   The
              myproxy-server.config(5) server-wide policy must also allow "anonymous" clients for
              this option to have an effect.

       -A     Allow credentials to be renewed by any client.  Any client with a valid  credential
              with  a  subject  name  that  matches  the  stored  credential  may  retrieve a new
              credential from the MyProxy  repository  if  this  option  is  given.   Since  this
              effectively   defeats  the  purpose  of  proxy  credential  lifetimes,  it  is  not
              recommended.  It is included only for sake of completeness.

       -r name
              Allow the specified entity to retrieve credentials.  See  -x  and  -X  options  for
              controlling name matching behavior.

       -R name
              Allow  the  specified  entity  to  renew  credentials.  See  -x  and -X options for
              controlling name matching  behavior.   This  option  implies  -n  since  passphrase
              authentication is not used for credential renewal.

       -Z name, --retrievable_by_cert name
              Allow the specified entity to retrieve credentials without a passphrase. See -x and
              -X options for controlling name matching behavior.  This option implies -n.

       -x     Specifies that names used with following options -r, -R, and  -Z  will  be  matched
              against  the  full certificate subject distinguished name (DN) according to REGULAR
              EXPRESSIONS in myproxy-server.config(5).

       -X     Specifies that names used with following options -r, -R, and  -Z  will  be  matched
              against  the  certificate subject common name (CN) according to REGULAR EXPRESSIONS
              in myproxy-server.config(5).  For example, if an argument of  -r  "Jim  Basney"  is
              specified,  then  the  resulting  policy  will  be  "*/CN=Jim Basney".  This is the
              default behavior.

       -k name
              Specifies the credential name.

       -K description
              Specifies credential description.

EXIT STATUS

       0 on success, >0 on error

AUTHORS

       See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors.

SEE ALSO

       myproxy-change-pass-phrase(1),   myproxy-destroy(1),   myproxy-info(1),   myproxy-init(1),
       myproxy-logon(1),    myproxy-retrieve(1),    myproxy-store(1),   myproxy-server.config(5),
       myproxy-admin-change-pass(8),  myproxy-admin-load-credential(8),   myproxy-admin-query(8),
       myproxy-server(8)