htproxyput, htproxydestroy, htproxytime, htproxyunixtime,
htproxyrenew - GSI proxy delegations and querying, using GridSite/gLite
delegation API
htproxyput, htproxydestroy, htproxytime, htproxyunixtime,
htproxyrenew [options] Service-URL
htproxyinfo [options]
htproxyput is a client to perform GSI proxy delegations
using the GridSite/gLite delegation Web Service portType. The
gridsite-delegation(8) CGI program is the complementary server-side
implementation.
htproxyinfo examines a local copy of a GSI proxy, and
outputs a summary of its X.509 and VOMS contents.
- -v/--verbose
- Turn on debugging information.
- --delegation-id
<ID>
- Explicitly specify the Delegation ID to use.
- --destroy
- Instead of delegating a proxy, delete the proxy from the service's proxy
cache. Calling the program as htproxydestroy has the same effect.
- --time
- Instead of delegating a proxy, report the expiration time of the proxy, in
the local time of the client. Calling the program as htproxytime has the
same effect.
- --unixtime
- Instead of delegating a proxy, report the expiration time of the proxy, as
the number of seconds since 00:00:00 1970-01-01 UTC. Calling the program
as htproxyunixtime has the same effect.
- --renew
- Delegate an updated version of an existing proxy. The Delegation ID
must be given when using this option. Calling the program as
htproxyrenew has the same effect.
- --info
- Examine a local proxy file, and output a summary of the X.509 certificates
and VOMS attributes it contains. Calling the program as htproxyinfo has
the same effect.
- --cert <X.509 cert path>
and --key <X.509 key path>
- Path to the PEM-encoded X.509 or GSI Proxy user certificate and key to use
for HTTPS connections, instead of "anonymous mode." If only one
of --key or --cert is given, then that will be tried for both. If neither
is given, then the following order of precedence is used: the file name
held by the variable X509_USER_PROXY; the file /tmp/x509up_uID (with Unix
UID equal to ID); the file names held by X509_USER_CERT / X509_USER_KEY;
the files ~/.globus/usercert.pem and ~/.globus/userkey.pem (where ~/ is
the home directory of the user.)
- --capath <X.509 CA root
certs directory or file>
- Path to the PEM-encoded CA root certificates to use when verifying remote
servers' host certificates in HTTPS connections. Ideally this should be a
directory of hash.0 files as described in the OpenSSL verify(1) man page,
but a file may be used instead. If --capath is not given, the value of the
environment variable X509_CERT_DIR will be tried. If this is not valid,
then /etc/grid-security/certificates will be used.
- --no-verify
- Do not use CA root certificates to verify remote servers' host
certificates. This is useful for testing sites before their certificate is
set up properly, but leaves you vulnerable to "man in the
middle" attacks by hostile servers masquerading as your target.
- /tmp/x509up_uID
- Default GSI Proxy file for Unix UID equal to ID.
- /etc/grid-security/certificates
- Default location for trusted Certification Authority root certificates to
use when checking server certificates.
- /tmp/.ca-roots-XXXXXX
- Prior to 7.9.8, the underlying curl library did not support the CA root
certificates directory. If built with an old version of libcurl,
htproxyput will concatenate the certificates in the CA roots directory
into a unique temporary file and use that.
- X509_CERT_DIR
- Holds directory to search for Certification Authority root certificates
when verifying server certificates. (Tried if --capath is not given on the
command line.)
- X509_USER_PROXY
- Holds file name of a GSI Proxy to use as user certificate. (Tried if
--cert or --key are not given on the command line.)
- X509_USER_CERT
and X509_USER_KEY
- Holds file name of X.509 user certificate and key. (Tried if
X509_USER_PROXY is not valid.)
0 is returned on complete success, and non-zero on error.
Andrew McNab <Andrew.McNab@manchester.ac.uk>
htproxyput is part of GridSite: http://www.gridsite.org/