myproxy-admin-load-credential(8) MyProxy myproxy-admin-load-credential(8)
NAME
myproxy-admin-load-credential - directly load repository
SYNOPSIS
myproxy-admin-load-credential [ options ]
DESCRIPTION
The myproxy-admin-load-credential command stores a credential directly
in the local MyProxy repository. It must be run from the account that
owns the repository. Many of the options are similar to myproxy-
init(1). However, unlike myproxy-init, myproxy-admin-load-credential
does not create a proxy from the source credential but instead directly
loads a copy of the source credential into the repository. The pass
phrase of the source credential is unchanged. Use myproxy-admin-
change-pass(8) to change the pass phrase after the credential is stored
if desired. Proxy credentials with default lifetime of 12 hours can
then be retrieved by myproxy-logon(1) using the MyProxy passphrase.
The command's behavior is controlled by the following options.
OPTIONS
-h, --help
Displays command usage text and exits.
-u, --usage
Displays command usage text and exits.
-v, --verbose
Enables verbose debugging output to the terminal.
-V, --version
Displays version information and exits.
-s dir, --storage dir
Specifies the location of the credential storage directory. The
directory must be accessible only by the user running the
myproxy-server process for security reasons. Default:
/var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy
-c filename, --certfile filename
Specifies the filename of the source certificate. This is a
required parameter.
-y filename, --keyfile filename
Specifies the filename of the source private key. This is a
required parameter. If the private key is encrypted, MyProxy
clients will be required to give the encryption passphrase to
access the key. When used with -R or -Z, it is common for the
private key to not be encrypted, so MyProxy clients can access
the credentials using only certificate-based authentication and
authorization.
-l username, --username username
Specifies the MyProxy account under which the credential should
be stored. By default, the command uses the value of the LOG-
NAME environment variable. Use this option to specify a differ-
ent account username on the MyProxy server. The MyProxy user-
name need not correspond to a real Unix username.
-t hours, --proxy_lifetime hours
Specifies the maximum lifetime of credentials retrieved from the
myproxy-server(8) using the stored credential. Default: 12
hours
-d, --dn_as_username
Use the certificate subject (DN) as the username.
-a, --allow_anonymous_retrievers
Allow credentials to be retrieved with just pass phrase authen-
tication. By default, only entities with credentials that match
the myproxy-server.config(5) default retriever policy may
retrieve credentials. This option allows entities without
existing credentials to retrieve a credential using pass phrase
authentication by including "anonymous" in the set of allowed
retrievers. The myproxy-server.config(5) server-wide policy
must also allow "anonymous" clients for this option to have an
effect.
-A, --allow_anonymous_renewers
Allow credentials to be renewed by any client. Any client with
a valid credential with a subject name that matches the stored
credential may retrieve a new credential from the MyProxy repos-
itory if this option is given. Since this effectively defeats
the purpose of proxy credential lifetimes, it is not recom-
mended. It is included only for sake of completeness.
-r name, --retrievable_by name
Allow the specified entity to retrieve credentials. See -x and
-X options for controlling name matching behavior.
-E name, --retrieve_key name
Allow the specified entity to retrieve end-entity credentials.
See -x and -X options for controlling name matching behavior.
-R name, --renewable_by name
Allow the specified entity to renew credentials. See -x and -X
options for controlling name matching behavior.
-Z name, --retrievable_by_cert name
Allow the specified entity to retrieve credentials without a
passphrase. See -x and -X options for controlling name matching
behavior.
-x, --regex_dn_match
Specifies that names used with following options -r, -E, -R, and
-Z will be matched against the full certificate subject distin-
guished name (DN) according to REGULAR EXPRESSIONS in myproxy-
server.config(5).
-X, --match_cn_only
Specifies that names used with following options -r, -E, -R, and
-Z will be matched against the certificate subject common name
(CN) according to REGULAR EXPRESSIONS in myproxy-server.con-
fig(5). For example, if an argument of -r "Jim Basney" is spec-
ified, then the resulting policy will be "*/CN=Jim Basney".
This is the default behavior.
-k name, --credname name
Specifies the credential name.
-K description, --creddesc description
Specifies credential description.
EXIT STATUS
0 on success, >0 on error
AUTHORS
See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.
SEE ALSO
myproxy-change-pass-phrase(1), myproxy-destroy(1), myproxy-info(1),
myproxy-init(1), myproxy-logon(1), myproxy-retrieve(1), myproxy-
store(1), myproxy-server.config(5), myproxy-admin-adduser(8), myproxy-
admin-change-pass(8), myproxy-admin-query(8), myproxy-server(8)
MyProxy 2011-09-05 myproxy-admin-load-credential(8)
Man(1) output converted with
man2html