NAME¶
myproxy-server - store credentials in an online repository
SYNOPSIS¶
myproxy-server [
options ]
DESCRIPTION¶
The
myproxy-server is a server that runs on a trusted, secure host and
manages a database of security credentials for use from remote sites. The
myproxy-init(1) program stores credentials with associated policies
that specify credential lifetimes and who is authorized to retrieve
credentials. The
myproxy-server.config(5) file sets server-wide
policies that are used in conjunction with the policies set by
myproxy-init(1) to control who is authorized to store and retrieve
credentials.
OPTIONS¶
- -h, --help
- Displays command usage text and exits.
- -u, --usage
- Displays command usage text and exits.
- -v, --verbose
- Enables verbose debugging output to the terminal.
- -V, --version
- Displays version information and exits.
- -d, --debug
- Run the server in debug mode. In this mode, the server will
run in the foreground, will accept one connection, write log messages to
the terminal while processing the incoming request, and exit after
completing one request.
- -l hostname/ipaddr, --listen
hostname/ipaddr
- Specifies the hostname or IP address that the
myproxy-server should listen (bind) to. Default: all interfaces on
the localhost
- -p port, --port port
- Specifies the TCP port number that the
myproxy-server should listen on. Default: 7512
- -c file, --config file
- Specifies the location of the myproxy-server
configuration file. Default: /etc/myproxy-server.config or
$GLOBUS_LOCATION/etc/myproxy-server.config
- -s dir, --storage dir
- Specifies the location of the credential storage directory.
The directory must be accessible only by the user running the
myproxy-server process for security reasons. Default:
/var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy
FILES¶
- /etc/myproxy-server.config
- Default location of the server configuration file (see
myproxy-server.config(5)). If not found,
$GLOBUS_LOCATION/etc/myproxy-server.config will be used. An
alternate location can be specified by using the -c option.
- /var/lib/myproxy
- Default location of the credential storage directory. If
not found, /var/myproxy or $GLOBUS_LOCATION/var/myproxy will
be used. If none of these directories exist, the myproxy-server will first
attempt to create /var/lib/myproxy and if that fails will attempt
to create $GLOBUS_LOCATION/var/myproxy and use that. The directory
must be accessible only by the user running the myproxy-server
process for security reasons. An alternate location can be specified by
using the -s option.
ENVIRONMENT¶
- GLOBUS_LOCATION
- Specifies the root of the MyProxy installation, used to
find the default location of the myproxy-server.config file and the
credential storage directory.
- GLOBUS_USAGE_OPTOUT
- Setting this environment variable to "1" will
disable the reporting of usage metrics.
- GLOBUS_USAGE_TARGETS
- If usage_stats_target is not specified in
myproxy-server.config(5), a comma-separated list of targets
(without any tags specified) if specified in the environment variable
GLOBUS_USAGE_TARGETS will be used.
- LD_LIBRARY_PATH
- The MyProxy server is typically linked dynamically with
Globus security libraries, which must be present in the dynamic linker's
search path. This typically requires $GLOBUS_LOCATION/lib to be
included in the list in the LD_LIBRARY_PATH environment variable,
which is set by the
$GLOBUS_LOCATION/libexec/globus-script-initializer script, which
should be called from any myproxy-server startup script.
Alternatively, to set LD_LIBRARY_PATH appropriately for the Globus
libraries in an interactive shell, source
$GLOBUS_LOCATION/etc/globus-user-env.sh (for sh shells) or
$GLOBUS_LOCATION/etc/globus-user.env.csh (for csh shells).
- MYPROXY_SERVER_PORT
- Specifies the port where the myproxy-server(8) is
running. This environment variable can be used in place of the -p
option.
- X509_USER_CERT
- Specifies an alternative location for the server's
certificate. By default, the server uses
/etc/grid-security/hostcert.pem when running as root or
~/.globus/usercert.pem when running as non-root.
- X509_USER_KEY
- Specifies an alternative location for the server's private
key. By default, the server uses /etc/grid-security/hostkey.pem
when running as root or ~/.globus/userkey.pem when running as
non-root.
- X509_USER_PROXY
- Specifies an alternative location for the server's
certificate and private key (in the same file). Use when running the
server with a proxy credential. Note that the proxy will need to be
periodically renewed before expiration to allow the myproxy-server
to keep functioning. When the myproxy-server runs with a non-host
credential, clients must have the MYPROXY_SERVER_DN environment
variable set to the distinguished name of the certificate being used by
the server.
- X509_CERT_DIR
- Specifies a non-standard location for the CA certificates
directory.
- MYPROXY_KEYBITS
- Specifies the size for RSA keys generated by MyProxy. By
default, MyProxy generates 2048 bit RSA keys. Set this environment
variable to "1024" for 1024 bit RSA keys.
AUTHORS¶
See
http://myproxy.ncsa.uiuc.edu/about for the list of MyProxy authors.
SEE ALSO¶
myproxy-change-pass-phrase(1),
myproxy-destroy(1),
myproxy-get-trustroots(1),
myproxy-info(1),
myproxy-init(1),
myproxy-logon(1),
myproxy-retrieve(1),
myproxy-store(1),
myproxy-server.config(5),
myproxy-admin-adduser(8),
myproxy-admin-change-pass(8),
myproxy-admin-load-credential(8),
myproxy-admin-query(8)