xenial (1) voms-proxy-fake.1.gz

Provided by: voms-clients_2.0.12-4build1_amd64 bug

NAME

       voms-proxy-fake - create a proxy with VOMS extensions

SYNOPSIS

       voms-proxy-fake [options]

DESCRIPTION

       The voms-proxy-fake generates a proxy containing arbitrary attributes without contacting the VOMS server.

OPTIONS

       Options may be specified indifferently with either a "-" or "--" prefix.

       -help Displays usage.

       -version Displays version.

       -debug Enables extra debug output.

       -q Quiet mode, minimal output.

       -verify Verifies certificate to make proxy for.

       -pwstdin Allows passphrase from stdin.

       -limited Creates a limited proxy.

       -hours  H Proxy is valid for H hours (default:12).

       -vomslife   H Tries to get an AC with information valid for H hours. The default is "as long as the proxy
       certificate". The special value 0 means as long as the server will allow.

       -bits  B Number of bits in key {0|512|1024|2048|4096}. 0 is a special value which means: same  number  of
       bits as in the issuing certificate.

       -cert  certfile Non-standard location of user certificate

       -key  keyfile Non-standard location of user key

       -certdir  certdir Location of trusted certificates dir

       -out  proxyfile Location of new proxy cert

       -voms   voms[:command]  Specifies  the  fake  VOMS  server that will appear in the attribute certificate.
       command is ignored and is present for compatibility with voms-proxy-init.

       -include  file Includes file in the certificate (in a non critical extension)

       -conf  file Read options from file.

       -policy The file containing the policy expression.

       -policy-language pl The language in which the policy is expressed. Default is IMPERSONATION_PROXY.

       -path-length Maximum depth of proxy certfificate that can be signed from this.

       -globus  version Underlying Globus version.

       -proxyver Version of the proxy certificate to create. May be 2  or  3.  Default  value  is  decided  upon
       underlying globus version.

       -separate  file Saves the voms credential on file file.

       -hostcert  file The cert that will be used to sign the AC.

       -hostkey  file The key thet will be used to sign the AC.

       -fqan  file The string that will be included in the AC as the granted FQAN.

       -newformat

       This  forces  the  server  to  generate ACs in the new (correct) format. This is meant as a compatibility
       feature to ease migration while the servers upgrade to the new version.

       -newsubject  newdn

       The created proxy will have newdn as subject rather than what is would normally  have  depending  on  the
       specific  version  of  proxy  created.  Non-printable characters may be specified via the '\XX' encoding,
       where XX are two hexadecimal characters.

       -newissuer  newdn

       The created proxy will have newdn as issuer rather than what is would  normally  have  depending  on  the
       specific  version  of  proxy  created.  Non-printable characters may be specified via the '\XX' encoding,
       where XX are two hexadecimal characters.

       -newserial  newserial

       The created proxy will have the newserial as its serial number. The new serial number  will  have  to  be
       specified  as  an  hex  representation.  Any  length  is  possible.  If  this  option  is  not specified,
       voms-proxy-fake will choose the serial number.

       -pastac  timespec

       The created AC will have its validity start in the past, as specified by timespec.

       The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds

       -pastproxy  timespec

       The created proxy will have its validity start in the past as specified by timespec

       The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds

       -nscert  bit,...,bit

       The created proxy will have the specified bits in the Netscape Certificate Extension.  Acceptable  values
       for bit are: client, server, email, objsign, sslCA, emailCA, objCA. The default value is not to have this
       extension.

       -extkeyusage  bit,...,bit

       The created proxy will have the specified bits in the Extended Key Usage Extension. Acceptable values for
       bit  are:  serverAuth,  clientAuth,  codeSigning,  emailProtection,  timeStamping,  msCodeInd, msCodeCom,
       msCTLSign, msSGC, msEFS, nsSGC, deltaCRL. The default value is not to have this extensions.

       -keyusage  bit,...,bit

       The created proxy will have the specified bits in the Key Usage Extensions.  Acceptable  values  for  bit
       are:  digitalSignature,  nonRepudiation,  keyEncipherment,  dataEncipherment,  keyAgreement, keyCertSign,
       cRLSign, encipherOnly, decipherOnly. The default value  is  to  copy  this  extensions  from  the  issuer
       certificate while removing the keyCertSign and nonRepudiation bits if present.

       -selfsigned

       The created certificate will be a self-signed certificate and have a CA=true bit in the Basic constraints
       Exception.

       -extension  oid[/criticality]value

       This option allows to specified additional extensions to be put in the created certificate.

       oid is the Object Identifier of the extensions. Any OID may be used even if it is not  already  known  in
       advance. This must always be specified. There is no default.

       criticality  specifies whether the extensions is critical or not, and it must be either true or false. If
       absent, it defaults to false.

       value is the value of the extensions. It is composed by two subfields, type and content. type is a single
       charater,  and  specifies  how  the content is interpreted. ':' means that content is a text string to be
       included as is. '~' means that content is an hex representation of the string. '+' means that content  is
       the name of a file which will contain the actual data.

       -acextension  oid[/criticality]value

       This option allows to specified additional extensions to be put in the created attribute certificate.

       oid  is  the  Object Identifier of the extensions. Any OID may be used even if it is not already known in
       advance. This must always be specified. There is no default.

       criticality specifies whether the extensions is critical or not, and it must be either true or false.  If
       absent, it defaults to false.

       value is the value of the extensions. It is composed by two subfields, type and content. type is a single
       charater, and specifies how the content is interpreted. ':' means that content is a  text  string  to  be
       included  as is. '~' means that content is an hex representation of the string. '+' means that content is
       the name of a file which will contain the actual data.

       -ga  id = value  [(qualifier)]

       This option adds the generic attribute specified to the AC generated. Please note that spaces before  and
       after the '=' char are swallowed in the command line.

       -voinfo  file

       The  file file contains informations for additional ACs that should be included in the created proxy. ACs
       specified via the -voinfo option shall be added before ACs specified via the command line options.

       The format of the file is the following:

       [voname]

       parameter=value

       parameter=value

       ...

BUGS

       EGEE Bug Tracking Tool: https://savannah.cern.ch/projects/jra1mdw/

SEE ALSO

       voms-proxy-fake(1), voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1)

       EDT Auth Home page: http://grid-auth.infn.it

       CVSweb: http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms

       RPM repository: http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3

AUTHORS

       Vincenzo Ciaschini <Vincenzo.Ciaschini@cnaf.infn.it>.

       Valerio Venturi <Valerio.Venturi@cnaf.infn.it>.

       Copyright (c) Members of the EGEE Collaboration. 2004. See the beneficiaries  list  for  details  on  the
       copyright holders.

       Licensed  under  the  Apache  License,  Version  2.0 (the "License"); you may not use this file except in
       compliance with the License. You may obtain a copy of the License at

       www.apache.org/licenses/LICENSE-2.0: http://www.apache.org/licenses/LICENSE-2.0

       Unless required by applicable law or agreed to in writing, software  distributed  under  the  License  is
       distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
       See the License for the specific language governing permissions and limitations under the License.

                                                                                              VOMS-PROXY-FAKE(1)