arcproxy(1) - Linux man page
Name
arcproxy - ARC Credentials Proxy generation utility
Synopsis
arcproxy [OPTION]
Description
arcproxy generates proxy credentials (a general proxy certificate, or a proxy certificate with a VOMS AC extension) from the user's private key and certificate.
Options
- -d
- level of information printed. Possible values are DEBUG, VERBOSE, INFO, WARNING, ERROR and FATAL.
- -P
- location of generated credentials proxy file
- -C
- location of X509 certificate file; the file can be in pem, der, or pkcs12 format; if this option is not set, then env X509_USER_CERT will be searched; if X509_USER_CERT env is not set, then certificatepath item in client.conf will be searched; if the location still is not found, then ~/.arc/, ~/.globus/, ./etc/arc, and ./ will be searched.
- -K
- location of private key file; if the certificate is in pkcs12 format, there is no need to give a private key; if this option is not set, then env X509_USER_KEY will be searched; if X509_USER_KEY env is not set, then keypath item in client.conf will be searched; if the location still is not found, then ~/.arc/, ~/.globus/, ./etc/arc, and ./ will be searched.
- -T
- path to trusted certificate directory, only needed for voms client functionality; if this option is not set, then env X509_CERT_DIR will be searched; if X509_CERT_DIR env is not set, then cacertificatesdirectory item in client.conf will be searched.
- -s
- path to top directory of VOMS *.lsc files, only needed for voms client functionality
- -V
- path to voms server configuration file, only needed for voms client functionality; if the path is a directory rather than a file, all of the files under this directory will be searched
- -S
- voms<:command>. Specify voms server. :command is optional, and is used to ask for specific attributes (e.g. roles).
command option is:
all --- put all of this DN's attributes into AC;
list --- list all of the DN's attributes, will not create AC extension;
/Role=yourRole --- specify the role; if this DN has such a role, the role will be put into AC
/voname/groupname/Role=yourRole --- specify the VO, group and role; if this DN has such a role, the role will be put into AC
- -o
- group<:role>. Specify ordering of attributes. Example: --order /knowarc.eu/coredev:Developer,/knowarc.eu/testers:Tester
or: --order /knowarc.eu/coredev:Developer --order /knowarc.eu/testers:Tester
Note that it does not make sense to specify the order if you have two or more different voms servers specified.
- -G
- use GSI communication protocol for contacting VOMS services
- -O
- use GSI proxy (RFC 3820 compliant proxy is default)
- -I
- print all information about this proxy. In order to show the Identity (DN without CN as suffix for proxy) of the certificate, the 'trusted certdir' is needed.
- -r
- Remove the proxy file.
- -U
- Username to myproxy server.
- -L
- hostname of myproxy server optionally followed by colon and port number, e.g. example.org:7512. If the port number has not been specified, 7512 is used by default.
- -M
- command to myproxy server. The command can be PUT and GET.
PUT/put -- put a delegated credential to myproxy server;
GET/get -- get a delegated credential from myproxy server, credential (certificate and key) is not needed in this case;
myproxy functionality can be used together with voms functionality.
- -R
- Allow specified entity to retrieve credential without passphrase. This option is specific for the PUT command when contacting Myproxy server.
- -N
- don't prompt for a credential passphrase when retrieving a credential from a MyProxy server. The precondition of this choice is that the credential was PUT onto the MyProxy server without a passphrase by using the -R (--retrievable_by_cert) option. This option is specific for the GET command when contacting Myproxy server.
- -c
- constraints of proxy certificate. Currently the following constraints are supported:
validityStart=time - time when certificate becomes valid. Default is now.
validityEnd=time - time when certificate becomes invalid. Default is 43200 (12 hours) from start for local proxy and 7 days for delegated to MyProxy.
validityPeriod=time - for how long certificate is valid. Default is 43200 (12 hours) for local proxy and 7 days for delegated to MyProxy.
vomsACvalidityPeriod=time - for how long the AC is valid. Default is shorter of validityPeriod and 12 hours.
myproxyvalidityPeriod=time - lifetime of proxies delegated by myproxy server. Default is shorter of validityPeriod and 12 hours.
proxyPolicy=policy content - assigns specified string to proxy policy to limit its functionality.
- -h
- prints short usage description
If the locations of the certificate and key are not explicitly specified, they are looked for in the following locations, in this order:
Key/certificate paths specified by the environment variables X509_USER_KEY and X509_USER_CERT respectively.
Paths specified in configuration file.
~/.arc/usercert.pem and ~/.arc/userkey.pem for certificate and key respectively.
~/.globus/usercert.pem and ~/.globus/userkey.pem for certificate and key respectively.
If the destination location of the proxy file is not specified explicitly, the value of the X509_USER_PROXY environment variable is used. If no value is provided, the default location is used: /tmp/x509up_u<USER ID>.
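The lookup order above as a shell script, for checking which certificate, key and proxy file a given environment would select. This is an added example, not ARC code; it assumes client.conf holds plain key=value lines and that a path given by environment variable or configuration is used as-is, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not ARC code): mirrors the documented lookup order.

# conf_item FILE KEY: print the value of a "key=value" line.
# The key=value syntax of client.conf is an assumption of this example.
conf_item() {
    [ -r "$1" ] || return 1
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# resolve_cred cert|key [CONFFILE]: print the path that would be selected.
resolve_cred() {
    case "$1" in
        cert) env_val=${X509_USER_CERT:-}; item=certificatepath; name=usercert.pem ;;
        key)  env_val=${X509_USER_KEY:-};  item=keypath;         name=userkey.pem ;;
        *)    return 2 ;;
    esac
    # 1. environment variable
    if [ -n "$env_val" ]; then printf '%s\n' "$env_val"; return 0; fi
    # 2. item in the client configuration file
    conf_val=$(conf_item "${2:-$HOME/.arc/client.conf}" "$item" || true)
    if [ -n "$conf_val" ]; then printf '%s\n' "$conf_val"; return 0; fi
    # 3. ~/.arc/, then 4. ~/.globus/
    for candidate in "$HOME/.arc/$name" "$HOME/.globus/$name"; do
        if [ -f "$candidate" ]; then printf '%s\n' "$candidate"; return 0; fi
    done
    return 1
}

# resolve_proxy: X509_USER_PROXY if set, else /tmp/x509up_u<USER ID>.
resolve_proxy() {
    printf '%s\n' "${X509_USER_PROXY:-/tmp/x509up_u$(id -u)}"
}

# Report what the current environment resolves to.
for kind in cert key; do
    printf '%s: %s\n' "$kind" "$(resolve_cred "$kind" || echo 'not found')"
done
printf 'proxy: %s\n' "$(resolve_proxy)"
```
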
Reporting Bugs
Report bugs to http://bugzilla.nordugrid.org/
Environment Variables
- ARC_LOCATION
- The location where ARC is installed can be specified by this variable. If not specified the install location will be determined from the path to the command being executed, and if this fails a WARNING will be given stating the location which will be used.
- ARC_PLUGIN_PATH
- The location of ARC plugins can be specified by this variable. Multiple locations can be specified by separating them by : (; in Windows). The default location is $ARC_LOCATION/lib/arc (\ in Windows).
Copyright
APACHE LICENSE Version 2.0
Files
- /etc/vomses
- Common file containing a list of selected VO contact point, one VO per line, for example:
- ~/.voms/vomses
- Same as /etc/vomses but located in the user's home area. If it exists, it has precedence over /etc/vomses
The order of the parsing of vomses location is:
1.
2. client configuration file ~/.arc/client.conf
3. $X509_VOMSES or $X509_VOMS_FILE
4. ~/.arc/vomses
5. ~/.voms/vomses
6. $ARC_LOCATION/etc/vomses (this is for Windows environment)
7. $ARC_LOCATION/etc/grid-security/vomses (this is for Windows environment)
8. $PWD/vomses
9. /etc/vomses
10. /etc/grid-security/vomses
- ~/.arc/client.conf
- Some options can be given default values by specifying them in the ARC client configuration file. By using the --conffile option a different configuration file can be used than the default.
Author
Weizhong Qiang <weizhong.qiang@fys.uio.no>
See Also
arccat(1), arcclean(1), arccp(1), arcget(1), arcinfo(1), arckill(1), arcls(1), arcmigrate(1), arcmkdir(1), arcrenew(1), arcresub(1), arcresume(1), arcrm(1), arcstat(1), arcsub(1), arcsync(1), arctest(1)