init CredentialManager init
NAME
init - store a credential for later retrieval
SYNOPSIS
init [ options ] <CredentialManagerService factory handle's base URL> user name credential name
DESCRIPTION
The init command takes the CredentialManagerService factoryGSH's
base URL (OGSA container address), the user name and credential name as
the input arguments.
It creates a service instance and uploads a credential for later retrieval.
The credential to be delegated is generated from certificate and private
key and in stored in the default location ( /tmp/x509up_u<uid> ),
which can be overridden by environmental variable X509_USER_PROXY.
In the default mode, the command first prompts for the user's Grid
pass phrase, which is used to create a proxy credential. The command then
prompts for a Credential pass phrase, which will be required to later
retrieve the credential. A credential with a lifetime of one week (by default)
is then delegated to the server and stored with the given Credential pass
phrase. Proxy credentials with default lifetime of 12 hours can then be
retrieved by get using the Credential passphrase. The default behavior
can be overridden by options specified below.
Currently, the init command does not allow anonymous retrievers.
That it, only entities with credentials can retrieve the credential. It is
not possible to retrieve the credential with just pass phrase authentication.
OPTIONS
-gsiSecConv type --gsi_Secure_Conversation type
Specifies the type of GSI Secure Conversation.
There are two types available:
'sig' - for XML Signature
'enc' - for XML Encryption (default)
-gsiXmlSig
Enables GSI XML Signature (can be used together with -gssxml).
-deleg mode --delegation_mode mode
Specifies the mode of delegation.
The modes available are:
'limited' - performs limited delegation
'full' - performs full delegation (default)
-auth type --authorization_type type
The types available are:
'host' - performs host authorization (default)
'self' - performs self authorization
'none' - disables authorization
Otherwise, identity authorization is performed with type identity.
-debug
Enables debug mode.
-c hours, --cred_lifetime hours
Specifies the lifetime of the credential stored on the server
in hours. The service instance lifetime is set the same as
the lifetime of the credential. Default: 1 week (168 hours)
-t hours, --proxy_lifetime hours
Specifies the maximum lifetime of credentials retrieved from the
server using the stored credential. Default: 12 hours
FILES
~/.globus/usercert.pem
Default location of the certificate from which the proxy creden-
tial is created. Set the X509_USER_CERT environment variable to
override.
~/.globus/userkey.pem
Default location of the private key from which the proxy creden-
tial is created. Set the X509_USER_KEY environment variable to
override.
/tmp/x509up_u<uid>
Default location of proxy credential created from the certificate and
private key. Set the X509_USER_PROXY environment variable to
override.
ENVIRONMENT
X509_USER_CERT
Specifies a non-standard location for the certificate from which
the proxy credential is created.
X509_USER_KEY
Specifies a non-standard location for the private key from which
the proxy credential is created.
X509_USER_PROXY
Specifies a non-standard location for the proxy credential which
will be delegated.