myproxy-admin-adduser(8) MyProxy myproxy-admin-adduser(8)
NAME
myproxy-admin-adduser - add a user or service credential
SYNOPSIS
myproxy-admin-adduser [ options ]
myproxy-admin-addservice [ options ]
DESCRIPTION
The myproxy-admin-adduser and myproxy-admin-addservice commands create a new credential for a user or service and load it into the MyProxy
repository. They are perl(1) scripts that run grid-cert-request (a standard Globus Toolkit program) and grid-ca-sign (from the Globus
Simple CA package) to create the credential and then run myproxy-admin-load-credential(8) to load the credential into the MyProxy repository.
The command prompts for the common name to be included in the new certificate (if the -c argument is not specified), the Globus Simple CA
key password for signing the certificate, the MyProxy username (if the -l or -d arguments are not specified), and the MyProxy passphrase
for the credential. Most of the command-line options for this command are passed directly to the myproxy-admin-load-credential(8) command.
The grid-ca-sign program is not provided in the MyProxy distribution. It must be installed separately, from the Globus Simple CA package.
OPTIONS
-h Displays command usage text and exits.
-u Displays command usage text and exits.
-v Enables verbose debugging output to the terminal.
-c cn Specifies the Common Name for the new credential (for example: "Jim Basney").
-s dir Specifies the location of the credential storage directory. The directory must be accessible only by the user running the
myproxy-server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy
-l username
Specifies the MyProxy account under which the credential should be stored.
-t hours
Specifies the maximum lifetime of credentials retrieved from the myproxy-server(8) using the stored credential. Default: 12 hours
-p CA-password
Specifies the password for the CA's private key using the format documented in the PASS PHRASE ARGUMENTS section of openssl(1).
-n Disables passphrase authentication for the stored credential. If specified, the command will not prompt for a passphrase, the
credential will not be encrypted by a passphrase in the repository, and the credential will not be retrievable using passphrase
authentication with myproxy-logon(1). This option is used for storing renewable credentials and is implied by -R.
-d Use the certificate subject (DN) as the username.
-a Allow credentials to be retrieved with just pass phrase authentication. By default, only entities with credentials that match the
myproxy-server.config(5) default retriever policy may retrieve credentials. This option allows entities without existing
credentials to retrieve a credential using pass phrase authentication by including "anonymous" in the set of allowed retrievers. The
myproxy-server.config(5) server-wide policy must also allow "anonymous" clients for this option to have an effect.
-A Allow credentials to be renewed by any client. Any client with a valid credential with a subject name that matches the stored
credential may retrieve a new credential from the MyProxy repository if this option is given. Since this effectively defeats the
purpose of proxy credential lifetimes, it is not recommended. It is included only for the sake of completeness.
-r name
Allow the specified entity to retrieve credentials. See -x and -X options for controlling name matching behavior.
-R name
Allow the specified entity to renew credentials. See -x and -X options for controlling name matching behavior. This option implies
-n since passphrase authentication is not used for credential renewal.
-Z name, --retrievable_by_cert name
Allow the specified entity to retrieve credentials without a passphrase. See -x and -X options for controlling name matching
behavior. This option implies -n.
-x Specifies that names used with following options -r, -R, and -Z will be matched against the full certificate subject distinguished
name (DN) according to REGULAR EXPRESSIONS in myproxy-server.config(5).
-X Specifies that names used with following options -r, -R, and -Z will be matched against the certificate subject common name (CN)
according to REGULAR EXPRESSIONS in myproxy-server.config(5). For example, if an argument of -r "Jim Basney" is specified, then the
resulting policy will be "*/CN=Jim Basney". This is the default behavior.
-k name
Specifies the credential name.
-K description
Specifies credential description.
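EXAMPLE (added here; not part of the MyProxy distribution)
The -s option requires that the storage directory be accessible only by the user running the myproxy-server process. The following sh function is one way to check that before loading credentials. The function name check_store_dir and its numeric-UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not MyProxy code. Verifies that a credential storage
# directory (the -s dir argument) is reachable only by one account.
# check_store_dir and its arguments are hypothetical names.

# check_store_dir DIR UID
# Returns 0 when DIR is a real directory (not a symlink), is owned by the
# numeric UID given, and has no group or other permission bits set.
# Prints the reason on stderr and returns 1 otherwise.
check_store_dir() {
    dir=$1
    want_uid=$2

    # A symlink could be repointed at a directory with looser permissions.
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symbolic link" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory" >&2
        return 1
    fi

    # ls -ldn prints e.g. "drwx------ 2 1001 1001 ..." (numeric owner).
    listing=$(ls -ldn -- "$dir") || return 1
    have_uid=$(printf '%s\n' "$listing" | awk 'NR==1 {print $3}')
    # Characters 5-10 of the mode string are the group and other bits.
    group_other=$(printf '%s\n' "$listing" | awk 'NR==1 {print substr($1,5,6)}')

    if [ "$have_uid" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $have_uid, expected $want_uid" >&2
        return 1
    fi
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $dir grants group/other access ($group_other)" >&2
        return 1
    fi
    echo "OK: $dir is accessible only by uid $want_uid"
    return 0
}

# Stand-alone use: sh check_store_dir.sh /var/lib/myproxy UID
if [ "$#" -eq 2 ]; then
    check_store_dir "$1" "$2"
fi
```

Pass the numeric UID of the account that runs myproxy-server(8). The check covers the directory itself, not the files stored inside it.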
EXIT STATUS
0 on success, >0 on error
AUTHORS
See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.
SEE ALSO
myproxy-change-pass-phrase(1), myproxy-destroy(1), myproxy-info(1), myproxy-init(1), myproxy-logon(1), myproxy-retrieve(1),
myproxy-store(1), myproxy-server.config(5), myproxy-admin-change-pass(8), myproxy-admin-load-credential(8), myproxy-admin-query(8),
myproxy-server(8)
MyProxy 2011-09-05 myproxy-admin-adduser(8)