Provided by: voms-clients-java_3.0.6-3_all

NAME

       voms-proxy-init - creates a proxy certificate with VOMS extensions

SYNOPSIS

       voms-proxy-init [options]

DESCRIPTION

       The voms-proxy-init command generates a proxy with the VOMS information included in an X.509 non-critical
       extension.

       The VOMS attributes are obtained from a known VOMS server. The list of known VOMS servers is configured
       using a vomses configuration file, whose syntax is documented in the vomses man page. A custom vomses
       location can be specified using the --vomses option.

       VOMS attributes are requested only if the -voms option is passed on the command line, specifying for
       which Virtual Organizations (VOs) attributes are requested.

       VOMS attributes are signed by the VOMS server that issues them. The signature is verified on the client
       side leveraging local trust information, which is typically maintained in /etc/grid-security/vomsdir. The
       vomsdir structure is documented in the vomsdir man page. A custom vomsdir can be specified using the
       --vomsdir option.

       The default location of the proxy generated by voms-proxy-init is

            /tmp/x509up_u<user_id>

       where user_id is the effective user id of the user running the command. A non-standard location for the
       proxy can be specified using the -out option.
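
       The proxy file holds the proxy's private key unencrypted, so it should be a regular file owned by the
       invoking user and readable by no one else. The check below is an added example, not part of
       voms-clients; the function names are hypothetical and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example: sanity-check a proxy credential file before using it.
# Function names are hypothetical; assumes GNU stat (stat -c) on Linux.

# Default proxy path for the current effective user, as documented above.
default_proxy_path() {
    printf '/tmp/x509up_u%s\n' "$(id -u)"
}

# check_proxy_file [path]
# Returns 0 if the file looks safe; otherwise prints a reason to stderr and
# returns 1 (missing), 2 (symlink or not a regular file),
# 3 (owned by another uid) or 4 (readable beyond the owner).
check_proxy_file() {
    p=${1:-$(default_proxy_path)}
    # Test for a symlink first: /tmp is shared, so a link planted under the
    # predictable name must not be followed.
    if [ -L "$p" ]; then
        echo "$p: is a symbolic link" >&2; return 2
    fi
    if [ ! -e "$p" ]; then
        echo "$p: not found" >&2; return 1
    fi
    if [ ! -f "$p" ]; then
        echo "$p: not a regular file" >&2; return 2
    fi
    owner=$(stat -c '%u' "$p")
    mode=$(stat -c '%a' "$p")
    if [ "$owner" != "$(id -u)" ]; then
        echo "$p: owned by uid $owner, expected $(id -u)" >&2; return 3
    fi
    case $mode in
        600|400) ;;   # owner-only access
        *) echo "$p: mode $mode exposes the private key" >&2; return 4 ;;
    esac
    return 0
}
```

       Call check_proxy_file with no argument to test the default location, or pass the path given to -out.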

   Requesting VOMS attributes
       Attributes can be requested using the -voms option. A basic usage is given in the following example:

           voms-proxy-init -voms <voname>

       where voname is the name of one of the configured VOs. The above command will create a proxy containing a
       VOMS extension which holds all group attributes belonging to the user.

       VOMS roles are conditional attributes which are included in a VOMS attribute certificate only when
       explicitly requested. Roles can be requested using a command like the following one:

           voms-proxy-init -voms atlas:/atlas/Role=pilot

   Ordering requested attributes
       Typically VOMS attributes are returned in the order in which they are requested on the command line. For
       instance, the following command:

           voms-proxy-init -voms infngrid:/infngrid/group1 -voms infngrid:/infngrid/Role=pilot

       will produce an Attribute Certificate which has as the primary attribute /infngrid/group1, followed by
       /infngrid/Role=pilot, and then by the other attributes belonging to the user. The -order option can also
       be used to express order requirements.

   Setting the validity period of the generated proxy and attribute certificate
       By default, voms-proxy-init will generate a proxy valid for 12 hours including a VOMS extension valid for
       the same time (if requested). These time periods can be changed using the -valid option, which will set
       the validity of both the proxy and the AC. Note that the validity of the AC can only be "proposed" by
       voms-proxy-init, as the AC validity is set by the VOMS server and its maximum value is limited by local
       VOMS server configuration (typically the maximum value is 24 hours).

   Setting the type of proxy generated by voms-proxy-init
       By default, voms-proxy-init generates a legacy proxy compatible with Globus Toolkit version 2. This
       behaviour can be changed using the -rfc option, which will produce an RFC3820 compliant proxy. In order
       to generate a Globus Toolkit version 3 proxy, i.e. a draft compliant proxy, use the -proxyver 3 option.

CONFIGURATION

       Local configuration for trusted VOs is needed for voms-proxy-init to work properly. See the vomses(5) and
       vomsdir(5) man pages for more details.

OPTIONS

       Options may be specified using either a "-" or "--" prefix.

       -b,--bits <num-bits>

           Number of bits in key {512|1024|2048|4096}

       --cert <certfile>

           Nonstandard location of user certificate

       --certdir <certdir>

           Nonstandard location of trusted cert dir

       --conf <file>

           Read options from <file>

       --debug

           Enables extra debug output

       --dont_verify_ac

           Skips AC verification

       -f,--failonwarn

           Treat warnings as errors

       --help

           Displays help and exits

       --hours <hours>

           Sets the generated proxy validity to H hours (default: 12).
           Note that this option only sets the lifetime of the generated proxy.
           Use -valid to set lifetime for both the proxy and the AC.

       --ignorewarn

           Ignore warnings

       -k,--key <keyfile>

           Nonstandard location of user key

       --limited

           Creates a limited proxy

       -n,--noregen

           Use an existing proxy certificate to obtain VOMS attributes and to sign the new generated proxy

       --old

           Creates a legacy, GT2 compliant proxy (synonymous with '-proxyver 2')

       --order <fqan>

           The fqan specified with this option is set as the primary FQAN if present in the list of attributes returned by the server.
           Use this option more than once if you want to set the order for more than one FQAN.

       --out <proxyfile>

           Nonstandard location of the generated proxy certificate

       --path_length <L>

           Allow a chain of at most L proxies to be generated and signed from the proxy created by voms-proxy-init.

       --proxyver <2|3|4>

           Sets the type of proxy generated by VOMS proxy init. 2 stands for legacy proxy, 3 for draft proxy, 4 for rfc proxy.
           Use -old or -rfc instead of this option.

       --pwstdin

           Reads private key passphrase from standard input.

       -q,--quiet

           Quiet mode, minimal output

       -r,--rfc

           Creates an RFC 3820 compliant proxy (synonymous with '-proxyver 4')

       --target <hostname>

           Targets the AC against a specific hostname. Multiple targets can be expressed using this option multiple times.

       --usage

           Displays help and exits

       --valid <h:m>

           Sets generated proxy and AC validity to h hours and m minutes (defaults to 12:00).
           Note that the VOMS server could shorten the validity of the issued AC depending on the server configuration.

       --verify

           Verifies the validity of the user certificate.

       --version

           Displays version

       --voms <voms<:fqan>>

           Specifies the VO for which the AC is requested. <:fqan> is optional, and is used to ask for
           specific attributes (e.g. --voms atlas:/atlas/Role=pilot).
           This option can be used multiple times to request multiple FQANs for different VOs.
           The order in which the option appears on the command line influences the order of the issued attributes.

       --vomsdir <DIR>

           Sets the path where lsc files and other local VOMS trust anchors will be looked for.

       --vomses <vomses file>

           Specifies the name of a VOMSES file from which VOMS server contact information is parsed.

       --vomslife <h:m>

           Sets the validity of the requested VOMS attribute certificate to h hours and m minutes (defaults to the value of the '-valid' option).
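
       Three of the options above weaken the resulting credential or hide problems with it: key sizes below
       2048 bits, --dont_verify_ac and --ignorewarn. The linter below is an added example, not part of
       voms-clients, for auditing wrapper scripts that call voms-proxy-init; lint_voms_args is a hypothetical
       helper name.

```shell
#!/bin/sh
# Added example: flag voms-proxy-init options that weaken the credential.
# lint_voms_args is a hypothetical helper, not part of voms-clients.

# Usage: lint_voms_args <voms-proxy-init arguments...>
# Prints one finding per line; the exit status is the number of findings.
lint_voms_args() {
    findings=0
    while [ $# -gt 0 ]; do
        # Options may use "-" or "--", so strip either prefix.
        case $1 in
            --*) opt=${1#--} ;;
            -*)  opt=${1#-} ;;
            *)   shift; continue ;;   # option value, not an option name
        esac
        case $opt in
            b|bits)
                bits=${2:-}
                # A non-numeric or missing value makes the test fail quietly.
                if [ "$bits" -lt 2048 ] 2>/dev/null; then
                    echo "bits: $bits-bit key is below 2048"
                    findings=$((findings + 1))
                fi
                ;;
            dont_verify_ac)
                echo "dont_verify_ac: AC signature is not checked against vomsdir"
                findings=$((findings + 1))
                ;;
            ignorewarn)
                echo "ignorewarn: warnings are hidden, use -failonwarn instead"
                findings=$((findings + 1))
                ;;
        esac
        shift
    done
    return "$findings"
}
```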

BUGS

       To report bugs or ask for support, use GGUS: https://ggus.eu/pages/home.php

AUTHORS

       Andrea Ceccanti <andrea.ceccanti@cnaf.infn.it>

       Daniele Andreotti <daniele.andreotti@cnaf.infn.it>

       Valerio Venturi <valerio.venturi@cnaf.infn.it>

SEE ALSO

       voms-proxy-destroy(1), voms-proxy-info(1), vomses(5), vomsdir(5)

COPYING

       Copyright 2012 Istituto Nazionale di Fisica Nucleare

       Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in
       compliance with the License. You may obtain a copy of the License at

           http://www.apache.org/licenses/LICENSE-2.0

       Unless required by applicable law or agreed to in writing, software distributed under the License is
       distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
       See the License for the specific language governing permissions and limitations under the License.

                                                   09/26/2013                                 VOMS-PROXY-INIT(1)