myproxy-store(1)                    MyProxy                   myproxy-store(1)




NAME

       myproxy-store - store end-entity credential for later retrieval


SYNOPSIS

       myproxy-store [ options ]


DESCRIPTION

       The  myproxy-store  command uploads a credential to a myproxy-server(8)
       for later retrieval.  The user must have a valid  proxy  credential  as
       generated by grid-proxy-init or retrieved by myproxy-logon(1) when run-
       ning this command.  Unlike myproxy-init(1), this command transfers  the
       private  key over the network (over a private channel).  In the default
       mode,   the   command   will   take   the    credentials    found    in
       ~/.globus/usercert.pem  and ~/.globus/userkey.pem and store them in the
       myproxy-server(8) repository.  Proxy credentials with default  lifetime
       of 12 hours can then be retrieved by myproxy-logon(1) using the creden-
       tial passphrase.  The default behavior can  be  overridden  by  options
       specified below.

       The  hostname  where the myproxy-server(8) is running must be specified
       by either defining the MYPROXY_SERVER environment variable  or  the  -s
       option.


OPTIONS

       -h, --help
              Displays command usage text and exits.

       -u, --usage
              Displays command usage text and exits.

       -v, --verbose
              Enables verbose debugging output to the terminal.

       -V, --version
              Displays version information and exits.

       -s hostname[:port], --pshost hostname[:port]
              Specifies  the  hostname(s)  of the myproxy-server(s).  Multiple
              hostnames, each hostname optionally followed by a ':'  and  port
              number, may be specified in a comma-separated list.  This option
              is required if the MYPROXY_SERVER environment  variable  is  not
              defined.  If specified, this option overrides the MYPROXY_SERVER
              environment variable. If a port number is specified with a host-
              name,   it   will   override  the  -p  option  as  well  as  the
              MYPROXY_SERVER_PORT environment variable for that host.

       -p port, --psport port
              Specifies  the  TCP  port  number  of   the   myproxy-server(8).
              Default:   7512   If   specified,   this  option  overrides  the
              MYPROXY_SERVER_PORT environment variable.

       -l username, --username username
              Specifies the MyProxy account under which the credential  should
              be  stored.   By default, the command uses the value of the LOG-
              NAME environment variable.  Use this option to specify a differ-
              ent  account  username on the MyProxy server.  The MyProxy user-
              name need not correspond to a real Unix username.

       -c filename, --certfile filename
              Specifies  the  filename  of  the source certificate.

       -y filename, --keyfile filename
              Specifies the filename of the source private key.

       -t hours, --proxy_lifetime hours
              Specifies the maximum lifetime of credentials retrieved from the
              myproxy-server(8)  using  the  stored  credential.   Default: 12
              hours

       -d, --dn_as_username
              Use the  certificate  subject  (DN)  as  the  default  username,
              instead of the LOGNAME environment variable.

       -a, --allow_anonymous_retrievers
              Allow  credentials to be retrieved with just pass phrase authen-
              tication.  By default, only entities with credentials that match
              the   myproxy-server.config(5)   default  retriever  policy  may
              retrieve  credentials.   This  option  allows  entities  without
              existing  credentials to retrieve a credential using pass phrase
              authentication by including "anonymous" in the  set  of  allowed
              retrievers.   The  myproxy-server.config(5)  server-wide  policy
              must also allow "anonymous" clients for this option to  have  an
              effect.

       -A, --allow_anonymous_renewers
              Allow  credentials to be renewed by any client.  Any client with
              a valid credential with a subject name that matches  the  stored
              credential may retrieve a new credential from the MyProxy repos-
              itory if this option is given.  Since this  effectively  defeats
              the  purpose  of  proxy  credential  lifetimes, it is not recom-
              mended.  It is included only for sake of completeness.

       -r name, --retrievable_by name
              Allow the specified entity to retrieve credentials.  See -x  and
              -X options for controlling name matching behavior.

       -E name, --retrieve_key name
              Allow  the  specified entity to retrieve end-entity credentials.
              See -x and -X options for controlling name matching behavior.

       -R name, --renewable_by name
              Allow the specified entity to renew credentials.  See -x and  -X
              options for controlling name matching behavior.

       -Z name, --retrievable_by_cert name
              Allow  the  specified  entity  to retrieve credentials without a
              passphrase.  See -x and -X options for controlling name matching
              behavior.

       -x, --regex_dn_match
              Specifies that names used with following options -r, -E, -R, and
              -Z will be matched against the full certificate subject  distin-
              guished  name  (DN) according to REGULAR EXPRESSIONS in myproxy-
              server.config(5).

       -X, --match_cn_only
              Specifies that names used with following options -r, -E, -R, and
              -Z  will  be matched against the certificate subject common name
              (CN) according to  REGULAR  EXPRESSIONS  in  myproxy-server.con-
              fig(5).  For example, if an argument of -r "Jim Basney" is spec-
              ified, then the resulting  policy  will  be  "*/CN=Jim  Basney".
              This is the default behavior.

       -k name, --credname name
              Specifies the credential name.

       -K description, --creddesc description
              Specifies credential description.


       EXIT STATUS
              0 on success, >0 on error


FILES

       ~/.globus/usercert.pem
              Default location of the certificate to be stored on the myproxy-
              server.  Use the --certfile option to override.

       ~/.globus/userkey.pem
              Default location of the private key to be stored on the myproxy-
              server.  Use the --keyfile option to override.

       -T, --trustroots
              Retrieve CA certificates directory from server (if available) to
              store in the location specified by the X509_CERT_DIR environment
              variable if set or /etc/grid-security/certificates if running as
              root or ~/.globus/certificates if running as non-root.


ENVIRONMENT

       GLOBUS_GSSAPI_NAME_COMPATIBILITY
              This client will, by default, perform a  reverse-DNS  lookup  to
              determine the FQHN (Fully Qualified Host Name) to use in verify-
              ing the identity of the server by checking the FQHN against  the
              CN   in   server's   certificate.    Setting  this  variable  to
              STRICT_RFC2818 will cause the reverse-DNS lookup to NOT be  per-
              formed  and  the  user-specified  name to be used instead.  This
              variable setting will be ignored if MYPROXY_SERVER_DN (described
              later) is set.

       MYPROXY_SERVER
              Specifies  the  hostname(s)  where the myproxy-server(8) is run-
              ning. Multiple hostnames can be specified in a  comma  separated
              list  with  each  hostname optionally followed by a ':' and port
              number.  This environment variable can be used in place  of  the
              -s option.

       MYPROXY_SERVER_PORT
              Specifies the port where the myproxy-server(8) is running.  This
              environment variable can be used in place of the -p option.

       MYPROXY_SERVER_DN
              Specifies the distinguished name (DN) of the  myproxy-server(8).
              All  MyProxy client programs authenticate the server's identity.
              By default, MyProxy servers run with host  credentials,  so  the
              MyProxy  client  programs  expect  the  server to have a distin-
              guished name with "/CN=host/<fqhn>" or  "/CN=myproxy/<fqhn>"  or
              "/CN=<fqhn>"  (where  <fqhn>  is the fully-qualified hostname of
              the server).  If the server is running with some other  DN,  you
              can set this environment variable to tell the MyProxy clients to
              accept the alternative DN. Also see  GLOBUS_GSSAPI_NAME_COMPATI-
              BILITY above.

       MYPROXY_TCP_PORT_RANGE
              Specifies  a  range  of valid port numbers in the form "min,max"
              for the client side of the network connection to the server.  By
              default,  the  client will bind to any available port.  Use this
              environment variable to restrict  the  ports  used  to  a  range
              allowed  by  your  firewall.   If unset, MyProxy will follow the
              setting of the GLOBUS_TCP_PORT_RANGE environment variable.

       X509_USER_CERT
              Specifies a non-standard location for the certificate to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location for the certificate to be stored unless the  -c  option
              is given.

       X509_USER_KEY
              Specifies a non-standard location for the private key to be used
              for authentication to the myproxy-server(8).  Also specifies the
              location  for  the private key to be stored unless the -y option
              is given.

       X509_USER_PROXY
              Specifies a non-standard location for the proxy credential to be
              used for authentication to the myproxy-server(8).

       X509_CERT_DIR
              Specifies a non-standard location for the CA certificates direc-
              tory.


AUTHORS

       See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.


SEE ALSO

       myproxy-change-pass-phrase(1),  myproxy-destroy(1),  myproxy-get-trust-
       roots(1),   myproxy-info(1),   myproxy-logon(1),   myproxy-retrieve(1),
       myproxy-server.config(5),   myproxy-admin-adduser(8),    myproxy-admin-
       change-pass(8),     myproxy-admin-load-credential(8),    myproxy-admin-
       query(8), myproxy-server(8) myproxy-retrieve(1)



MyProxy                           2011-09-05                  myproxy-store(1)

Man(1) output converted with man2html