myproxy-admin-query(8) [debian man page]
myproxy-admin-query(8) MyProxy myproxy-admin-query(8) NAME
myproxy-admin-query - query MyProxy repository contents SYNOPSIS
myproxy-admin-query [ options ] DESCRIPTION
The myproxy-admin-query command displays information about the credentials stored in the MyProxy repository. It can also be used to remove credentials from the repository, by combining query options with --remove. It accesses the repository directly and must be run on the machine where the myproxy-server(8) is installed from the account that owns the repository. An example cron job for running myproxy-admin-query periodically to remove invalid (expired, revoked, etc.) credentials from the repository is provided at $GLOBUS_LOCATION/share/myproxy/myproxy.cron. OPTIONS
-h, --help Displays command usage text and exits. -u, --usage Displays command usage text and exits. -v, --verbose Enables verbose debugging output to the terminal. -V, --version Displays version information and exits. -l username, --username username Return information on credentials for a single username. By default, the command returns information on all credentials for all usernames. -k name, --credname name Return information on the credentials with the specified name. -o DN, --owner DN Return information on the credentials owned by the specified distinguished name. -e hours, --expiring_in hours Return information on credentials with remaining lifetime less than the specified number of hours. For example, -e 0 will return all expired credentials. -t hours, --time_left hours Return information on credentials with remaining lifetime greater than the specified number of hours. -i, --invalid Return information on invalid (expired, revoked, etc.) credentials. -s dir, --storage dir Specifies the location of the credential storage directory. The directory must be accessible only by the user running the myproxy- server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy -c file, --config file Specifies the location of the myproxy-server configuration file, for OCSP options. Default: /etc/myproxy-server.config or $GLOBUS_LOCATION/etc/myproxy-server.config -r, --remove Remove the credentials matching the query from the repository. For example, myproxy-admin-query -e 0 -r will remove all expired credentials from the repository. -L 'msg', --lock 'msg' Places the credentials matching the query under an administrative lock and specifies a message to be returned on access attempts. Be sure to put the message in quotes so it is captured as one argument to the command. -U, --unlock Removes any administrative locks for the credentials matching the query. EXIT STATUS
0 on success, >0 on error AUTHORS
See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors. SEE ALSO
myproxy-change-pass-phrase(1), myproxy-destroy(1), myproxy-init(1), myproxy-logon(1), myproxy-retrieve(1), myproxy-store(1), myproxy- server.config(5), myproxy-admin-adduser(8), myproxy-admin-change-pass(8), myproxy-admin-load-credential(8), myproxy-server(8) MyProxy 2011-09-19 myproxy-admin-query(8)
Check Out this Related Man Page
myproxy-admin-adduser(8) MyProxy myproxy-admin-adduser(8) NAME
myproxy-admin-adduser - add a user or service credential SYNOPSIS
myproxy-admin-adduser [ options ] myproxy-admin-addservice [ options ] DESCRIPTION
The myproxy-admin-adduser and myproxy-admin-addservice commands create a new credential for a user or service and load it into the MyProxy repository. They are perl(1) scripts that run grid-cert-request (a standard Globus Toolkit program) and grid-ca-sign (from the Globus Sim- ple CA package) to create the credential and then run myproxy-admin-load-credential(8) to load the credential into the MyProxy repository. The command prompts for the common name to be included in the new certificate (if the -c argument is not specified), the Globus Simple CA key password for signing the certificate, the MyProxy username (if the -l or -d arguments are not specified), and the MyProxy passphrase for the credential. Most of the command-line options for this command are passed directly to the myproxy-admin-load-credential(8) command. The grid-ca-sign program is not provided in the MyProxy distribution. It must be installed separately, from the Globus Simple CA package. OPTIONS
-h Displays command usage text and exits. -u Displays command usage text and exits. -v Enables verbose debugging output to the terminal. -c cn Specifies the Common Name for the new credential (for example: "Jim Basney"). -s dir Specifies the location of the credential storage directory. The directory must be accessible only by the user running the myproxy- server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy -l username Specifies the MyProxy account under which the credential should be stored. -t hours Specifies the maximum lifetime of credentials retrieved from the myproxy-server(8) using the stored credential. Default: 12 hours -p CA-password Specifies the password for the CA's private key using the format documented in the PASS PHRASE ARGUMENTS section of openssl(1). -n Disables passphrase authentication for the stored credential. If specified, the command will not prompt for a passphrase, the cre- dential will not be encrypted by a passphrase in the repository, and the credential will not be retrievable using passphrase authen- tication with myproxy-logon(1). This option is used for storing renewable credentials and is implied by -R. -d Use the certificate subject (DN) as the username. -a Allow credentials to be retrieved with just pass phrase authentication. By default, only entities with credentials that match the myproxy-server.config(5) default retriever policy may retrieve credentials. This option allows entities without existing creden- tials to retrieve a credential using pass phrase authentication by including "anonymous" in the set of allowed retrievers. The myproxy-server.config(5) server-wide policy must also allow "anonymous" clients for this option to have an effect. -A Allow credentials to be renewed by any client. Any client with a valid credential with a subject name that matches the stored cre- dential may retrieve a new credential from the MyProxy repository if this option is given. Since this effectively defeats the pur- pose of proxy credential lifetimes, it is not recommended. It is included only for sake of completeness. -r name Allow the specified entity to retrieve credentials. See -x and -X options for controlling name matching behavior. -R name Allow the specified entity to renew credentials. See -x and -X options for controlling name matching behavior. This option implies -n since passphrase authentication is not used for credential renewal. -Z name, --retrievable_by_cert name Allow the specified entity to retrieve credentials without a passphrase. See -x and -X options for controlling name matching behav- ior. This option implies -n. -x Specifies that names used with following options -r, -R, and -Z will be matched against the full certificate subject distinguished name (DN) according to REGULAR EXPRESSIONS in myproxy-server.config(5). -X Specifies that names used with following options -r, -R, and -Z will be matched against the certificate subject common name (CN) according to REGULAR EXPRESSIONS in myproxy-server.config(5). For example, if an argument of -r "Jim Basney" is specified, then the resulting policy will be "*/CN=Jim Basney". This is the default behavior. -k name Specifies the credential name. -K description Specifies credential description. EXIT STATUS
0 on success, >0 on error AUTHORS
See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors. SEE ALSO
myproxy-change-pass-phrase(1), myproxy-destroy(1), myproxy-info(1), myproxy-init(1), myproxy-logon(1), myproxy-retrieve(1), myproxy- store(1), myproxy-server.config(5), myproxy-admin-change-pass(8), myproxy-admin-load-credential(8), myproxy-admin-query(8), myproxy- server(8) MyProxy 2011-09-05 myproxy-admin-adduser(8)