Provided by: voms-clients_2.0.12-4build1_amd64 bug

NAME

       voms-proxy-fake - create a proxy with VOMS extensions

SYNOPSIS

       voms-proxy-fake [options]

DESCRIPTION

       The  voms-proxy-fake  generates a proxy containing arbitrary attributes without contacting
       the VOMS server.

OPTIONS

       Options may be specified indifferently with either a "-" or "--" prefix.

       -help Displays usage.

       -version Displays version.

       -debug Enables extra debug output.

       -q Quiet mode, minimal output.

       -verify Verifies certificate to make proxy for.

       -pwstdin Allows passphrase from stdin.

       -limited Creates a limited proxy.

       -hours  H Proxy is valid for H hours (default:12).

       -vomslife  H Tries to get an AC with information valid for H hours.  The  default  is  "as
       long  as  the  proxy  certificate".  The  special value 0 means as long as the server will
       allow.

       -bits  B Number of bits in key {0|512|1024|2048|4096}. 0 is a special value  which  means:
       same number of bits as in the issuing certificate.

       -cert  certfile Non-standard location of user certificate

       -key  keyfile Non-standard location of user key

       -certdir  certdir Location of trusted certificates dir

       -out  proxyfile Location of new proxy cert

       -voms   voms[:command]  Specifies  the  fake VOMS server that will appear in the attribute
       certificate. command is ignored and is present for compatibility with voms-proxy-init.

       -include  file Includes file in the certificate (in a non critical extension)

       -conf  file Read options from file.

       -policy The file containing the policy expression.

       -policy-language  pl  The  language  in  which  the  policy  is  expressed.   Default   is
       IMPERSONATION_PROXY.

       -path-length Maximum depth of proxy certfificate that can be signed from this.

       -globus  version Underlying Globus version.

       -proxyver  Version  of  the  proxy  certificate to create. May be 2 or 3. Default value is
       decided upon underlying globus version.

       -separate  file Saves the voms credential on file file.

       -hostcert  file The cert that will be used to sign the AC.

       -hostkey  file The key thet will be used to sign the AC.

       -fqan  file The string that will be included in the AC as the granted FQAN.

       -newformat

       This forces the server to generate ACs in the new (correct) format. This  is  meant  as  a
       compatibility feature to ease migration while the servers upgrade to the new version.

       -newsubject  newdn

       The  created  proxy  will  have  newdn  as subject rather than what is would normally have
       depending on the specific version  of  proxy  created.  Non-printable  characters  may  be
       specified via the '\XX' encoding, where XX are two hexadecimal characters.

       -newissuer  newdn

       The  created  proxy  will  have  newdn  as  issuer rather than what is would normally have
       depending on the specific version  of  proxy  created.  Non-printable  characters  may  be
       specified via the '\XX' encoding, where XX are two hexadecimal characters.

       -newserial  newserial

       The created proxy will have the newserial as its serial number. The new serial number will
       have to be specified as an hex representation. Any length is possible. If this  option  is
       not specified, voms-proxy-fake will choose the serial number.

       -pastac  timespec

       The created AC will have its validity start in the past, as specified by timespec.

       The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds

       -pastproxy  timespec

       The created proxy will have its validity start in the past as specified by timespec

       The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds

       -nscert  bit,...,bit

       The  created  proxy  will  have  the specified bits in the Netscape Certificate Extension.
       Acceptable values for bit are: client, server, email, objsign, sslCA, emailCA, objCA.  The
       default value is not to have this extension.

       -extkeyusage  bit,...,bit

       The  created  proxy  will  have  the  specified  bits in the Extended Key Usage Extension.
       Acceptable values for  bit  are:  serverAuth,  clientAuth,  codeSigning,  emailProtection,
       timeStamping,  msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC, deltaCRL. The default
       value is not to have this extensions.

       -keyusage  bit,...,bit

       The created proxy will have the specified bits in the  Key  Usage  Extensions.  Acceptable
       values  for  bit are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment,
       keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly. The default  value  is  to
       copy  this  extensions  from  the  issuer  certificate  while removing the keyCertSign and
       nonRepudiation bits if present.

       -selfsigned

       The created certificate will be a self-signed certificate and have a CA=true  bit  in  the
       Basic constraints Exception.

       -extension  oid[/criticality]value

       This  option  allows  to  specified  additional  extensions  to  be  put  in  the  created
       certificate.

       oid is the Object Identifier of the extensions. Any OID may be used  even  if  it  is  not
       already known in advance. This must always be specified. There is no default.

       criticality  specifies  whether  the  extensions is critical or not, and it must be either
       true or false. If absent, it defaults to false.

       value is the value of the extensions. It is composed by two subfields, type  and  content.
       type  is  a  single charater, and specifies how the content is interpreted. ':' means that
       content is a text string to  be  included  as  is.  '~'  means  that  content  is  an  hex
       representation  of  the  string.  '+'  means that content is the name of a file which will
       contain the actual data.

       -acextension  oid[/criticality]value

       This option allows to specified additional extensions to be put in the  created  attribute
       certificate.

       oid  is  the  Object  Identifier  of the extensions. Any OID may be used even if it is not
       already known in advance. This must always be specified. There is no default.

       criticality specifies whether the extensions is critical or not, and  it  must  be  either
       true or false. If absent, it defaults to false.

       value  is  the value of the extensions. It is composed by two subfields, type and content.
       type is a single charater, and specifies how the content is interpreted.  ':'  means  that
       content  is  a  text  string  to  be  included  as  is.  '~'  means that content is an hex
       representation of the string. '+' means that content is the name  of  a  file  which  will
       contain the actual data.

       -ga  id = value  [(qualifier)]

       This  option  adds  the  generic attribute specified to the AC generated. Please note that
       spaces before and after the '=' char are swallowed in the command line.

       -voinfo  file

       The file file contains informations for additional ACs that  should  be  included  in  the
       created  proxy.  ACs  specified via the -voinfo option shall be added before ACs specified
       via the command line options.

       The format of the file is the following:

       [voname]

       parameter=value

       parameter=value

       ...

BUGS

       EGEE Bug Tracking Tool: https://savannah.cern.ch/projects/jra1mdw/

SEE ALSO

       voms-proxy-fake(1), voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1)

       EDT Auth Home page: http://grid-auth.infn.it

       CVSweb: http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms

       RPM repository: http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3

AUTHORS

       Vincenzo Ciaschini <Vincenzo.Ciaschini@cnaf.infn.it>.

       Valerio Venturi <Valerio.Venturi@cnaf.infn.it>.

COPYRIGHT

       Copyright (c) Members of the EGEE Collaboration. 2004.  See  the  beneficiaries  list  for
       details on the copyright holders.

       Licensed  under the Apache License, Version 2.0 (the "License"); you may not use this file
       except in compliance with the License. You may obtain a copy of the License at

       www.apache.org/licenses/LICENSE-2.0: http://www.apache.org/licenses/LICENSE-2.0

       Unless required by applicable law or agreed to in writing, software distributed under  the
       License  is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
       either express or implied. See the License for the specific language governing permissions
       and limitations under the License.

                                                                               VOMS-PROXY-FAKE(1)