oracular (8) myproxy-admin-load-credential.8.gz

Provided by: myproxy-admin_6.2.16-3_amd64 bug

NAME

       myproxy-admin-load-credential - directly load repository

SYNOPSIS

       myproxy-admin-load-credential [ options ]

DESCRIPTION

       The  myproxy-admin-load-credential  command  stores  a  credential  directly  in the local
       MyProxy repository.  It must be run from the account that owns the  repository.   Many  of
       the  options are similar to myproxy-init(1).  However, unlike myproxy-init, myproxy-admin-
       load-credential does not create a proxy from the source credential  but  instead  directly
       loads  a copy of the source credential into the repository.  The pass phrase of the source
       credential is unchanged.  Use myproxy-admin-change-pass(8) to change the pass phrase after
       the  credential is stored if desired.  Proxy credentials with default lifetime of 12 hours
       can then be retrieved by myproxy-logon(1) using the  MyProxy  passphrase.   The  command's
       behavior is controlled by the following options.

OPTIONS

       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s dir, --storage dir
              Specifies  the location of the credential storage directory.  The directory must be
              accessible only by  the  user  running  the  myproxy-server  process  for  security
              reasons.  Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy

       -c filename, --certfile filename
              Specifies the filename of the source certificate.  This is a required parameter.

       -y filename, --keyfile filename
              Specifies  the  filename  of the source private key.  This is a required parameter.
              If the private key is encrypted, MyProxy clients  will  be  required  to  give  the
              encryption passphrase to access the key.  When used with -R or -Z, it is common for
              the private key to not be encrypted, so MyProxy clients can access the  credentials
              using only certificate-based authentication and authorization.

       -l username, --username username
              Specifies  the  MyProxy  account  under  which the credential should be stored.  By
              default, the command uses the value of the LOGNAME environment variable.  Use  this
              option  to specify a different account username on the MyProxy server.  The MyProxy
              username need not correspond to a real Unix username.

       -t hours, --proxy_lifetime hours
              Specifies the maximum lifetime of credentials retrieved from the  myproxy-server(8)
              using the stored credential.  Default: 12 hours

       -d, --dn_as_username
              Use the certificate subject (DN) as the username.

       -a, --allow_anonymous_retrievers
              Allow  credentials  to  be  retrieved  with  just  pass  phrase authentication.  By
              default, only entities with credentials  that  match  the  myproxy-server.config(5)
              default  retriever  policy  may  retrieve credentials.  This option allows entities
              without  existing  credentials  to  retrieve  a  credential   using   pass   phrase
              authentication  by  including  "anonymous"  in  the set of allowed retrievers.  The
              myproxy-server.config(5) server-wide policy must also allow "anonymous" clients for
              this option to have an effect.

       -A, --allow_anonymous_renewers
              Allow  credentials to be renewed by any client.  Any client with a valid credential
              with a subject  name  that  matches  the  stored  credential  may  retrieve  a  new
              credential  from  the  MyProxy  repository  if  this  option  is given.  Since this
              effectively  defeats  the  purpose  of  proxy  credential  lifetimes,  it  is   not
              recommended.  It is included only for sake of completeness.

       -r name, --retrievable_by name
              Allow  the  specified  entity  to  retrieve credentials.  See -x and -X options for
              controlling name matching behavior.

       -E name, --retrieve_key name
              Allow the specified entity to retrieve  end-entity  credentials.   See  -x  and  -X
              options for controlling name matching behavior.

       -R name, --renewable_by name
              Allow  the  specified  entity  to  renew  credentials.   See  -x and -X options for
              controlling name matching behavior.

       -Z name, --retrievable_by_cert name
              Allow the specified entity to retrieve credentials without a  passphrase.   See  -x
              and -X options for controlling name matching behavior.

       -x, --regex_dn_match
              Specifies that names used with following options -r, -E, -R, and -Z will be matched
              against the full certificate subject distinguished name (DN) according  to  REGULAR
              EXPRESSIONS in myproxy-server.config(5).

       -X, --match_cn_only
              Specifies that names used with following options -r, -E, -R, and -Z will be matched
              against the certificate subject common name (CN) according to  REGULAR  EXPRESSIONS
              in  myproxy-server.config(5).   For  example,  if an argument of -r "Jim Basney" is
              specified, then the resulting policy  will  be  "*/CN=Jim  Basney".   This  is  the
              default behavior.

       -k name, --credname name
              Specifies the credential name.

       -K description, --creddesc description
              Specifies credential description.

EXIT STATUS

       0 on success, >0 on error

AUTHORS

       See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors.

SEE ALSO

       myproxy-change-pass-phrase(1),   myproxy-destroy(1),   myproxy-info(1),   myproxy-init(1),
       myproxy-logon(1),   myproxy-retrieve(1),    myproxy-store(1),    myproxy-server.config(5),
       myproxy-admin-adduser(8),  myproxy-admin-change-pass(8),  myproxy-admin-query(8), myproxy-
       server(8)