Name
myproxy-retrieve — Retrieve an end-entity credential
Synopsis
myproxy-retrieve
Tool description
The myproxy-retrieve command retrieves a credential directly from the myproxy-server(8) that was previously stored using myproxy-init(1) or myproxy-store(1). Unlike myproxy-logon(1), this command transfers the private key in the repository over the network (over a private channel). To obtain a proxy credential, we recommend using myproxy-logon(1) instead.
In the default mode, the command prompts for the pass phrase associated with the credential to be retrieved and stores the retrieved credential in the standard location ( ~/.globus/usercert.pem and ~/.globus/userkey.pem). You could then run grid-proxy-init to create a proxy credential from the retrieved credentials.
Command options
Table 8. myproxy-retrieve options
-h, --help | Displays command usage text and exits. |
-u, --usage | Displays command usage text and exits. |
-v, --verbose | Enables verbose debugging output to the terminal. |
-V, --version | Displays version information and exits. |
-s hostname, --pshost hostname | Specifies the hostname of the myproxy-server. This option is required if the MYPROXY_SERVER environment variable is not defined. If specified, this option overrides the MYPROXY_SERVER environment variable. |
-p port, --psport port | Specifies the TCP port number of the myproxy-server(8). Default: 7512. |
-l, --username | Specifies the MyProxy account under which the credential to retrieve is stored. by default, the command uses the value of the LOGNAME environment variable. Use this option to specify a different account username on the MyProxy server. The MyProxy username need not correspond to a real Unix username. |
-d, --dn_as_username | Use the certificate subject (DN) as the default username, instead of the LOGNAME environment variable. When used with the -a option, the certificate subject of the authorization credential is used. Otherwise, the certificate subject of the default credential is used. |
-t hours, --proxy_lifetime hours | Specifies the lifetime of credentials retrieved from the myproxy-server(8) using the stored credential. The resulting lifetime is the shorter of the requested lifetime and the lifetime specified when the credential was stored using myproxy-init(1). Default: 12 hours. |
-c filename, --certfile filename | Specifies the filename of where the certificate will be stored. |
-y filename, --keyfile filename | Specifies the filename of where the private key will be stored. |
-a file, --authorization file | Specifies a credential to be used for authorizing the request instead of a passphrase. When renewing a credential, use this option to specify the existing, valid credential that you want to renew. Renewing a credential generally requires two certificate-based authentications. The client authenticates with its identity, using the credential in the standard location or specified by X509_USER_PROXY or X509_USER_CERT and X509_USER_KEY in addition to authenticating with the existing credential, in the location specified by this option, that it wants to renew. |
-k name, --credname name | Specifies the name of the credential that is to be retrieved or renewed. |
-S, --stdin_pass | By default, the command prompts for a passphrase and reads the passphrase from the active tty. When running the command non- interactively, there may be no associated tty. Specifying this option tells the command to read passphrases from standard input without prompts or confirmation. |