myproxy-admin-adduser(8) MyProxy myproxy-admin-adduser(8)
NAME
myproxy-admin-adduser - add a user or service credential
SYNOPSIS
myproxy-admin-adduser [ options ]
myproxy-admin-addservice [ options ]
DESCRIPTION
The myproxy-admin-adduser and myproxy-admin-addservice commands create
a new credential for a user or service and load it into the MyProxy
repository. They are perl(1) scripts that run grid-cert-request (a
standard Globus Toolkit program) and grid-ca-sign (from the Globus Sim-
ple CA package) to create the credential and then run myproxy-admin-
load-credential(8) to load the credential into the MyProxy repository.
The command prompts for the common name to be included in the new cer-
tificate (if the -c argument is not specified), the Globus Simple CA
key password for signing the certificate, the MyProxy username (if the
-l or -d arguments are not specified), and the MyProxy passphrase for
the credential. Most of the command-line options for this command are
passed directly to the myproxy-admin-load-credential(8) command.
The grid-ca-sign program is not provided in the MyProxy distribution.
It must be installed separately, from the Globus Simple CA package.
OPTIONS
-h Displays command usage text and exits.
-u Displays command usage text and exits.
-v Enables verbose debugging output to the terminal.
-c cn Specifies the Common Name for the new credential (for example:
"Jim Basney").
-s dir Specifies the location of the credential storage directory. The
directory must be accessible only by the user running the
myproxy-server process for security reasons. Default:
/var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy
-l username
Specifies the MyProxy account under which the credential should
be stored.
-t hours
Specifies the maximum lifetime of credentials retrieved from the
myproxy-server(8) using the stored credential. Default: 12
hours
-p CA-password
Specifies the password for the CA's private key using the format
documented in the PASS PHRASE ARGUMENTS section of openssl(1).
-n Disables passphrase authentication for the stored credential.
If specified, the command will not prompt for a passphrase, the
credential will not be encrypted by a passphrase in the reposi-
tory, and the credential will not be retrievable using
passphrase authentication with myproxy-logon(1). This option is
used for storing renewable credentials and is implied by -R.
-d Use the certificate subject (DN) as the username.
-a Allow credentials to be retrieved with just pass phrase authen-
tication. By default, only entities with credentials that match
the myproxy-server.config(5) default retriever policy may
retrieve credentials. This option allows entities without
existing credentials to retrieve a credential using pass phrase
authentication by including "anonymous" in the set of allowed
retrievers. The myproxy-server.config(5) server-wide policy
must also allow "anonymous" clients for this option to have an
effect.
-A Allow credentials to be renewed by any client. Any client with
a valid credential with a subject name that matches the stored
credential may retrieve a new credential from the MyProxy repos-
itory if this option is given. Since this effectively defeats
the purpose of proxy credential lifetimes, it is not recom-
mended. It is included only for sake of completeness.
-r name
Allow the specified entity to retrieve credentials. See -x and
-X options for controlling name matching behavior.
-R name
Allow the specified entity to renew credentials. See -x and -X
options for controlling name matching behavior. This option
implies -n since passphrase authentication is not used for cre-
dential renewal.
-Z name, --retrievable_by_cert name
Allow the specified entity to retrieve credentials without a
passphrase. See -x and -X options for controlling name matching
behavior. This option implies -n.
-x Specifies that names used with following options -r, -R, and -Z
will be matched against the full certificate subject distin-
guished name (DN) according to REGULAR EXPRESSIONS in myproxy-
server.config(5).
-X Specifies that names used with following options -r, -R, and -Z
will be matched against the certificate subject common name (CN)
according to REGULAR EXPRESSIONS in myproxy-server.config(5).
For example, if an argument of -r "Jim Basney" is specified,
then the resulting policy will be "*/CN=Jim Basney". This is
the default behavior.
-k name
Specifies the credential name.
-K description
Specifies credential description.
EXIT STATUS
0 on success, >0 on error
AUTHORS
See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.
SEE ALSO
myproxy-change-pass-phrase(1), myproxy-destroy(1), myproxy-info(1),
myproxy-init(1), myproxy-logon(1), myproxy-retrieve(1), myproxy-
store(1), myproxy-server.config(5), myproxy-admin-change-pass(8),
myproxy-admin-load-credential(8), myproxy-admin-query(8), myproxy-
server(8)
MyProxy 2011-09-05 myproxy-admin-adduser(8)
Man(1) output converted with
man2html