APPROXY(1)
NAME
arcproxy - ARC Credentials Proxy generation utility
SYNOPSIS
arcproxy [OPTION]
DESCRIPTION
arcproxy generates proxy credentials (general proxy certificate, or
proxy certificate with voms AC extenstion) from private key and certificate of user.
OPTIONS
- -d level of information printed. Possible values are DEBUG, VER
- BOSE, INFO, WARNING, ERROR and FATAL.
- -P location of generated credentials proxy file
- -C location of X509 certificate file
- -K location of private key file
- -T path to trusted certificate directory, only needed for voms
- client functionality
- -V path to voms server configuration file, only needed for voms
- client functionality
- -S voms<:command>. Specify voms server.
- :command is optional, and is used to ask for spe
- cific attributes(e.g: roles)
- command option is:
all --- put all of this DN's attributes into AC;
list ---list all of the DN's attribute,will not - create AC extension;
- /Role=yourRole --- specify the role, if this DN
has such a role, the role will be
- put into AC
/voname/groupname/Role=yourRole --- specify the
- vo,group and role if this DN
has such a role, the role will be
- put into AC
- -o group<:role>. Specify ordering of attributes.
- Example: --order /knowarc.eu/coredev:Devel
- oper,/knowarc.eu/testers:Tester
- or: --order /knowarc.eu/coredev:Developer --order
- /knowarc.eu/testers:Tester
- Note that it does not make sense to specify the
- order if you have two or more different voms server specified
- -G use GSI communication protocol for contacting VOMS services
- -O use GSI proxy (RFC 3820 compliant proxy is default)
- -I print all information about this proxy.
- In order to show the Identity (DN without CN as
- subfix for proxy)
- of the certificate, the 'trusted certdir' is
- needed.
- -U Username to myproxy server.
- -L url of myproxy server, e.g. knowarc1.grid.niif.hu:7512. If the
- port number has not
been specified, 7512 is used by default.
- -M command to myproxy server. The command can be PUT and GET.
- PUT/put -- put a delegated credential to myproxy
- server;
- GET/get -- get a delegated credential from myproxy
- server,
- credential (certificate and key) is not needed in
- this case;
- myproxy functionality can be used together with
- voms functionality.
- -c constraints of proxy certificate. Currently following con
- straints are supported:
- validityStart=time - time when certificate becomes valid. Default is now.
- validityEnd=time - time when certificate becomes invalid. Default is 43200 (12 hours) from start.
- validityPeriod=time - for how long certificate is valid. Default is 43200 (12 hours).
- vomsACvalidityPeriod=time - for how long the AC is valid. Default is the same as validityPeriod.
- proxyPolicy=policy content - assigns specified string to proxy prolicy to limit it's functionality.
- -h prints short usage description
- If not specified location of certificate, key and proxy will be taken from content of environment variables X509_USER_CERT, X509_USER_KEY and X509_USER_PROXY.
REPORTING BUGS
Report bugs to http://bugzilla.nordugrid.org/
ENVIRONMENT VARIABLES
- ARC_LOCATION
- The location where ARC is installed can be specified by this variable. If not specified the install location will be determined from the path to the command being executed, and if this fails a WARNING will be given stating the location which will be used.
- ARC_PLUGIN_PATH
- The location of ARC plugins can be specified by this variable.
Multiple locations can be specified by separating them by : (;
in Windows). The default location is $ARC_LOCATION/lib/arc (\ in Windows).
COPYRIGHT
APACHE LICENSE Version 2.0
FILES
AUTHOR
- Weizhong Qiang <weizhong.qiang@fys.uio.no>