myproxy-admin-load-credential(8) MyProxy myproxy-admin-load-credential(8)
NAME
myproxy-admin-load-credential - directly load repository
SYNOPSIS
myproxy-admin-load-credential [ options ]
DESCRIPTION
The myproxy-admin-load-credential command stores a credential directly in the local MyProxy repository. It must be run from the account
that owns the repository. Many of the options are similar to myproxy-init(1). However, unlike myproxy-init, myproxy-admin-load-credential
does not create a proxy from the source credential but instead directly loads a copy of the source credential into the repository. The
pass phrase of the source credential is unchanged. Use myproxy-admin-change-pass(8) to change the pass phrase after the credential is
stored if desired. Proxy credentials with default lifetime of 12 hours can then be retrieved by myproxy-logon(1) using the MyProxy
passphrase. The command's behavior is controlled by the following options.
OPTIONS
-h, --help
Displays command usage text and exits.
-u, --usage
Displays command usage text and exits.
-v, --verbose
Enables verbose debugging output to the terminal.
-V, --version
Displays version information and exits.
-s dir, --storage dir
Specifies the location of the credential storage directory. The directory must be accessible only by the user running the myproxy-
server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy
-c filename, --certfile filename
Specifies the filename of the source certificate. This is a required parameter.
-y filename, --keyfile filename
Specifies the filename of the source private key. This is a required parameter. If the private key is encrypted, MyProxy clients
will be required to give the encryption passphrase to access the key. When used with -R or -Z, it is common for the private key to
not be encrypted, so MyProxy clients can access the credentials using only certificate-based authentication and authorization.
-l username, --username username
Specifies the MyProxy account under which the credential should be stored. By default, the command uses the value of the LOGNAME
environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not
correspond to a real Unix username.
-t hours, --proxy_lifetime hours
Specifies the maximum lifetime of credentials retrieved from the myproxy-server(8) using the stored credential. Default: 12 hours
-d, --dn_as_username
Use the certificate subject (DN) as the username.
-a, --allow_anonymous_retrievers
Allow credentials to be retrieved with just pass phrase authentication. By default, only entities with credentials that match the
myproxy-server.config(5) default retriever policy may retrieve credentials. This option allows entities without existing creden-
tials to retrieve a credential using pass phrase authentication by including "anonymous" in the set of allowed retrievers. The
myproxy-server.config(5) server-wide policy must also allow "anonymous" clients for this option to have an effect.
-A, --allow_anonymous_renewers
Allow credentials to be renewed by any client. Any client with a valid credential with a subject name that matches the stored cre-
dential may retrieve a new credential from the MyProxy repository if this option is given. Since this effectively defeats the pur-
pose of proxy credential lifetimes, it is not recommended. It is included only for sake of completeness.
-r name, --retrievable_by name
Allow the specified entity to retrieve credentials. See -x and -X options for controlling name matching behavior.
-E name, --retrieve_key name
Allow the specified entity to retrieve end-entity credentials. See -x and -X options for controlling name matching behavior.
-R name, --renewable_by name
Allow the specified entity to renew credentials. See -x and -X options for controlling name matching behavior.
-Z name, --retrievable_by_cert name
Allow the specified entity to retrieve credentials without a passphrase. See -x and -X options for controlling name matching behav-
ior.
-x, --regex_dn_match
Specifies that names used with following options -r, -E, -R, and -Z will be matched against the full certificate subject distin-
guished name (DN) according to REGULAR EXPRESSIONS in myproxy-server.config(5).
-X, --match_cn_only
Specifies that names used with following options -r, -E, -R, and -Z will be matched against the certificate subject common name (CN)
according to REGULAR EXPRESSIONS in myproxy-server.config(5). For example, if an argument of -r "Jim Basney" is specified, then the
resulting policy will be "*/CN=Jim Basney". This is the default behavior.
-k name, --credname name
Specifies the credential name.
-K description, --creddesc description
Specifies credential description.
EXIT STATUS
0 on success, >0 on error
AUTHORS
See http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.
SEE ALSO
myproxy-change-pass-phrase(1), myproxy-destroy(1), myproxy-info(1), myproxy-init(1), myproxy-logon(1), myproxy-retrieve(1), myproxy-
store(1), myproxy-server.config(5), myproxy-admin-adduser(8), myproxy-admin-change-pass(8), myproxy-admin-query(8), myproxy-server(8)
MyProxy 2011-09-05 myproxy-admin-load-credential(8)