cas-wrap

Home -> Toolkit -> Docs -> 4.0 -> Security -> Cas	Website Email Lists Search:

Name

cas-wrap — PURPOSE

Synopsis

cas-wrap

Tool description

The cas-wrap program runs a grid-enabled program, causing it to use previously-generated CAS credentials.

Command syntax

        cas-wrap [-t tag | -p proxyfile ] command args

Command options

cas-wrap invokes the given command with the given argument using the specified previously-generated CAS credential. For example:

        % cas-wrap -t my-community gsincftp myhost.edu

will look for a credential generated by a previous execution of:

% cas-proxy-init -t my-community

and then set the environment to use that credential while running the command:

% gsincftp myhost.edu

The second form should be used if cas-proxy-init was run with the -p option. For example:

% cas-wrap -p /path/to/my/cas/credential gsincftp myhost.edu

will look for a credential generated by a previous execution of:

% cas-proxy-init -p /path/to/my/cas/credential

and then set the environment to use that credential while running the command:

% gsincftp myhost.edu

CAS Client common options

The following options are common to all command line clients:

 [-debug -help -v -c cas-url -s server-identity -m mechanism -p protection]

CAS Service URL: The -c cas-url option can be used to set the CAS Service instance, where cas-url is the URL of the CAS service instance. Alternatively, an environment variable can be set as shown here.
The instance URL typically looks like
```
http://Host:Port/wsrf/services/CASService
```
, where Host and Port are the host and port where the container with the CAS service is running.

CAS Service Identity: The -s server-identity option can be used to set the expected CAS server identity, where server-identity is the identity of the CAS service. Alternatively, an environment variable can be set as shown here. If neither is set, host authorization is done and the expected server credential is cas/<fqdn>, where <fqdn> is the fully qualified domain name of the host on which the CAS service is up.

	Note
	If the service being contacted is using GSI Secure Transport, then the container credentials configured for the service will be used, even if service/resource level credentials are configured. Hence authorization needs to be done based on the DN of the container credentials.

Debug: To run the client with debug message traces and error stack traces, the -debug flag must be used.
Usage: The -help flag prints the usage message for the client.
Version number: The -v flag prints the version number.
Security Mechanism: The -m flag is used to set the chosen security mechanism. It can be set to 'msg' for Secure Message, 'conv' for Secure Conversation and 'trans' for Transport security. If not set and the server URL starts with 'https', Transport Security is used, else Secure Message is used.
Protection type: The -p flag is used to set the protection type required with the security mechanism. Can be set to 'sig' or 'enc' to indicate signature or encryption. Defaults to signature.

Note: If you have a asterisk (*) in your command, you might have to escape it with backslash.