myproxy-server - store credentials in an online repository
myproxy-server [ options ]
The myproxy-server is a server that runs on a trusted,
secure host and manages a database of security credentials for use from
remote sites. The myproxy-init(1) program stores credentials with
associated policies that specify credential lifetimes and who is authorized
to retrieve credentials. The myproxy-server.config(5) file sets
server-wide policies that are used in conjunction with the policies set by
myproxy-init(1) to control who is authorized to store and retrieve
credentials.
- -h, --help
- Displays command usage text and exits.
- -u, --usage
- Displays command usage text and exits.
- -v, --verbose
- Enables verbose debugging output to the terminal.
- -V, --version
- Displays version information and exits.
- -d, --debug
- Run the server in debug mode. In this mode, the server will run in the
foreground, will accept one connection, write log messages to the terminal
while processing the incoming request, and exit after completing one
request.
- -l hostname/ipaddr,
--listen hostname/ipaddr
- Specifies the hostname or IP address that the myproxy-server should
listen (bind) to. Default: all interfaces on the localhost
- -p port,
--port port
- Specifies the TCP port number that the myproxy-server should listen
on. Default: 7512
- -c file,
--config file
- Specifies the location of the myproxy-server configuration file.
Default: /etc/myproxy-server.config or
$GLOBUS_LOCATION/etc/myproxy-server.config
- -s dir,
--storage dir
- Specifies the location of the credential storage directory. The directory
must be accessible only by the user running the myproxy-server
process for security reasons. Default: /var/lib/myproxy or /var/myproxy or
$GLOBUS_LOCATION/var/myproxy
- /etc/myproxy-server.config
- Default location of the server configuration file (see
myproxy-server.config(5)). If not found,
$GLOBUS_LOCATION/etc/myproxy-server.config will be used. An
alternate location can be specified by using the -c option.
- /var/lib/myproxy
- Default location of the credential storage directory. If not found,
/var/myproxy or $GLOBUS_LOCATION/var/myproxy will be used.
If none of these directories exist, the myproxy-server will first attempt
to create /var/lib/myproxy and if that fails will attempt to create
$GLOBUS_LOCATION/var/myproxy and use that. The directory must be
accessible only by the user running the myproxy-server process for
security reasons. An alternate location can be specified by using the
-s option.
- GLOBUS_LOCATION
- Specifies the root of the MyProxy installation, used to find the default
location of the myproxy-server.config file and the credential
storage directory.
- LD_LIBRARY_PATH
- The MyProxy server is typically linked dynamically with Globus security
libraries, which must be present in the dynamic linker's search path. This
typically requires $GLOBUS_LOCATION/lib to be included in the list
in the LD_LIBRARY_PATH environment variable, which is set by the
$GLOBUS_LOCATION/libexec/globus-script-initializer script, which
should be called from any myproxy-server startup script.
Alternatively, to set LD_LIBRARY_PATH appropriately for the Globus
libraries in an interactive shell, source
$GLOBUS_LOCATION/etc/globus-user-env.sh (for sh shells) or
$GLOBUS_LOCATION/etc/globus-user.env.csh (for csh shells).
- MYPROXY_SERVER_PORT
- Specifies the port where the myproxy-server(8) is running. This
environment variable can be used in place of the -p option.
- X509_USER_CERT
- Specifies an alternative location for the server's certificate. By
default, the server uses /etc/grid-security/hostcert.pem when
running as root or ~/.globus/usercert.pem when running as
non-root.
- X509_USER_KEY
- Specifies an alternative location for the server's private key. By
default, the server uses /etc/grid-security/hostkey.pem when
running as root or ~/.globus/userkey.pem when running as
non-root.
- X509_USER_PROXY
- Specifies an alternative location for the server's certificate and private
key (in the same file). Use when running the server with a proxy
credential. Note that the proxy will need to be periodically renewed
before expiration to allow the myproxy-server to keep functioning.
When the myproxy-server runs with a non-host credential, clients
must have the MYPROXY_SERVER_DN environment variable set to the
distinguished name of the certificate being used by the server.
- X509_CERT_DIR
- Specifies a non-standard location for the CA certificates directory.
- MYPROXY_KEYBITS
- Specifies the size for RSA keys generated by MyProxy. By default, MyProxy
generates 2048 bit RSA keys. Set this environment variable to
"1024" for 1024 bit RSA keys.
See http://grid.ncsa.illinois.edu/myproxy/about for the
list of MyProxy authors.
myproxy-change-pass-phrase(1), myproxy-destroy(1),
myproxy-get-trustroots(1), myproxy-info(1),
myproxy-init(1), myproxy-logon(1), myproxy-retrieve(1),
myproxy-store(1), myproxy-server.config(5),
myproxy-admin-adduser(8), myproxy-admin-change-pass(8),
myproxy-admin-load-credential(8), myproxy-admin-query(8)