
myproxy-admin-adduser(8)            MyProxy           myproxy-admin-adduser(8)

NAME

       myproxy-admin-adduser - add a user or service credential

SYNOPSIS

       myproxy-admin-adduser [ options ]

       myproxy-admin-addservice [ options ]

DESCRIPTION

       The  myproxy-admin-adduser and myproxy-admin-addservice commands create
       a new credential for a user or service and load  it  into  the  MyProxy
       repository.   They  are  perl(1)  scripts that run grid-cert-request (a
       standard Globus Toolkit program) and grid-ca-sign (from the Globus Sim-
       ple  CA  package)  to create the credential and then run myproxy-admin-
       load-credential(8) to load the credential into the MyProxy repository.

       The command prompts for the common name to be included in the new  cer-
       tificate  (if  the  -c argument is not specified), the Globus Simple CA
       key password for signing the certificate, the MyProxy username (if  the
       -l  or  -d arguments are not specified), and the MyProxy passphrase for
       the credential.  Most of the command-line options for this command  are
       passed directly to the myproxy-admin-load-credential(8) command.

       The  grid-ca-sign  program is not provided in the MyProxy distribution.
       It must be installed separately, from the Globus Simple CA package.

OPTIONS

       -h     Displays command usage text and exits.

       -u     Displays command usage text and exits.

       -c cn  Specifies the Common Name for the new credential  (for  example:
              "Jim Basney").

       -s dir Specifies the location of the credential storage directory.  The
              directory must be  accessible  only  by  the  user  running  the
              myproxy-server   process   for   security   reasons.    Default:
              /var/myproxy or $GLOBUS_LOCATION/var/myproxy

       -l username
              Specifies the MyProxy account under which the credential  should
              be stored.

       -t hours
              Specifies the maximum lifetime of credentials retrieved from the
              myproxy-server(8) using  the  stored  credential.   Default:  12
              hours

       -p CA-password
              Specifies the password for the CA's private key using the format
              documented in the PASS PHRASE ARGUMENTS section of openssl(1).

       -n     Disables passphrase authentication for  the  stored  credential.
              If  specified, the command will not prompt for a passphrase, the
              credential will not be encrypted by a passphrase in the  reposi-
              tory,   and   the  credential  will  not  be  retrievable  using
              passphrase authentication with myproxy-logon(1).  This option is
              used for storing renewable credentials and is implied by -R.

       -d     Use the certificate subject (DN) as the username.

       -a     Allow  credentials to be retrieved with just pass phrase authen-
              tication.  By default, only entities with credentials that match
              the   myproxy-server.config(5)   default  retriever  policy  may
              retrieve  credentials.   This  option  allows  entities  without
              existing  credentials to retrieve a credential using pass phrase
              authentication by including "anonymous" in the  set  of  allowed
              retrievers.   The  myproxy-server.config(5)  server-wide  policy
              must also allow "anonymous" clients for this option to  have  an
              effect.

       -A     Allow  credentials to be renewed by any client.  Any client with
              a valid credential with a subject name that matches  the  stored
              credential may retrieve a new credential from the MyProxy repos-
              itory if this option is given.  Since this  effectively  defeats
              the  purpose  of  proxy  credential  lifetimes, it is not recom-
              mended.  It is included only for sake of completeness.

       -r dn  Allow the specified entity to retrieve credentials.  By default,
              the argument will be matched against the common name (CN) of the
              client (for example: "Jim  Basney").   Specify  -x  before  this
              option  to  match  against the full distinguished name (DN) (for
              example: "/C=US/O=National Computational Science Alliance/CN=Jim
              Basney") instead.

       -R dn  Allow  the  specified  entity to renew credentials.  By default,
              the argument will be matched against the common name (CN) of the
              client (for example: "condorg/modi4.ncsa.uiuc.edu").  Specify -x
              before this option to match against the full distinguished  name
              (DN)   (for  example:  "/C=US/O=National  Computational  Science
              Alliance/CN=condorg/modi4.ncsa.uiuc.edu") instead.  This  option
              implies  -n since passphrase authentication is not used for cre-
              dential renewal.

       -x     Specifies that the DN used by options -r and -R will be  matched
              as a regular expression.

       -X     Specifies  that the DN used by options -r and -R will be matched
              against the Common Name (CN) of the subject.

       -k name
              Specifies the credential name.

       -K description
              Specifies credential description.

EXIT STATUS

       0 on success, >0 on error

AUTHORS

       Bill Baker, Jim Basney,  Shiva  Shankar  Chetan,  Patrick  Duda,  Terry
       Fleury,  Jarek  Gawor,  Monte  Goode,  Daniel Kouril, Zhenmin Li, Jason
       Novotny, Miroslav Ruda, Benjamin Temko, and Von Welch

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

EXIT STATUS

AUTHORS

SEE ALSO