Name
myproxy-logon — Retrieve a credential
Synopsis
myproxy-logon
Tool description
The myproxy-logon command retrieves a credential from the myproxy-server that was previously stored using myproxy-init. In the default mode, the command prompts for the MyProxy pass phrase associated with the credential to be retrieved and stores the retrieved credential in the standard location (/tmp/x509up_u<uid>).
If the repository contains an end-entity certificate, this command will retrieve an RFC 3820 compliant proxy (also known as "proxy draft compliant impersonation proxy") by default. Set the the GT_PROXY_MODE environment variable to "old" to retrieve a "legacy globus proxy" instead. If the repository contains a proxy certificate, the retrieved proxy will always be of the same type as the stored proxy.
The myproxy-logon is also available under the name myproxy-get-delegation for backward compatibility.
Command options
Table 6. myproxy-logon options
-h, --help | Displays command usage text and exits. |
-u, --usage | Displays command usage text and exits. |
-v, --verbose | Enables verbose debugging output to the terminal. |
-V, --version | Displays version information and exits. |
-s hostname, --pshost hostname | Specifies the hostname of the myproxy-server. This option is required if the MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the MYPROXY_SERVER environment variable. |
-p port, --psport port | Specifies the TCP port number of the myproxy-server. Default: 7512. |
-l, --username | Specifies the MyProxy account under which the credential to retrieve is stored. By default, the command uses the value of the LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. |
-d, --dn_as_username | Use the certificate subject (DN) as the default username, instead of the LOGNAME environment variable. When used with the -a option, the certificate subject of the authorization credential is used. Otherwise, the certificate subject of the default credential is used. |
-t hours, --proxy_lifetime hours | Specifies the lifetime of credentials retrieved from the myproxy-server using the stored credential. The resulting lifetime is the shorter of the requested lifetime and the lifetime specified when the credential was stored using myproxy-init. Default: 12 hours. |
-o file, --out file | Specifies where the retrieved proxy credential should be stored. If this option is not specified, the proxy credential will be stored in the default location (/tmp/x509up_u<uid>). |
-a file, --authorization file | Specifies a credential to be used for authorizing the request instead of a passphrase. When renewing a credential, use this option to specify the existing, valid credential that you want to renew. Renewing a credential generally requires two certificate-based authentications. The client authenticates with its identity, using the credential in the standard location or specified by X509_USER_PROXY or X509_USER_CERT and X509_USER_KEY in addition to authenticating with the existing credential, in the location specified by this option, that it wants to renew. |
-k name, --credname name | Specifies the name of the credential that is to be retrieved or renewed. |
-S, --stdin_pass | by default, the command prompts for a passphrase and reads the passphrase from the active tty. When running the command non-interactively, there may be no associated tty. Specifying this option tells the command to read passphrases from standard input without prompts or confirmation. |