.\"Generated by db2man.xsl. Don't modify this, modify the source. .de Sh \" Subsection .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. .TH "VOMS-PROXY-FAKE" 1 "" "" "" .SH NAME voms-proxy-fake \- create a proxy with VOMS extensions .SH "SYNOPSIS" .ad l .hy 0 .HP 16 \fBvoms\-proxy\-fake\fR [options] .ad .hy .SH "DESCRIPTION" .PP The voms\-proxy\-fake generates a proxy containing arbitrary attributes without contacting the VOMS server\&. .SH "OPTIONS" .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. .PP \fB\-help\fR Displays usage\&. .PP \fB\-version\fR Displays version\&. .PP \fB\-debug\fR Enables extra debug output\&. .PP \fB\-q\fR Quiet mode, minimal output\&. .PP \fB\-verify\fR Verifies certificate to make proxy for\&. .PP \fB\-pwstdin\fR Allows passphrase from stdin\&. .PP \fB\-limited\fR Creates a limited proxy\&. .PP \fB\-hours\fR \fIH\fR Proxy is valid for H hours (default:12)\&. .PP \fB\-vomslife\fR \fIH\fR Tries to get an AC with information valid for H hours\&. The default is "as long as the proxy certificate"\&. The special value 0 means as long as the server will allow\&. .PP \fB\-bits\fR \fIB\fR Number of bits in key {0|512|1024|2048|4096}\&. 0 is a special value which means: same number of bits as in the issuing certificate\&. .PP \fB\-cert\fR \fIcertfile\fR Non\-standard location of user certificate .PP \fB\-key\fR \fIkeyfile\fR Non\-standard location of user key .PP \fB\-certdir\fR \fIcertdir\fR Location of trusted certificates dir .PP \fB\-out\fR \fIproxyfile\fR Location of new proxy cert .PP \fB\-voms\fR \fIvoms[:command]\fR Specifies the fake VOMS server that will appear in the attribute certificate\&. command is ignored and is present for compatibility with voms\-proxy\-init\&. .PP \fB\-include\fR \fIfile\fR Includes file in the certificate (in a non critical extension) .PP \fB\-conf\fR \fIfile\fR Read options from file\&. .PP \fB\-policy\fR The file containing the policy expression\&. .PP \fB\-policy\-language\fR\fI pl\fR The language in which the policy is expressed\&. Default is IMPERSONATION_PROXY\&. .PP \fB\-path\-length\fR Maximum depth of proxy certfificate that can be signed from this\&. .PP \fB\-globus\fR \fIversion\fR Underlying Globus version\&. .PP \fB\-proxyver\fR Version of the proxy certificate to create\&. May be 2 or 3\&. Default value is decided upon underlying globus version\&. .PP \fB\-separate\fR \fIfile\fR Saves the voms credential on file file\&. .PP \fB\-hostcert\fR \fIfile\fR The cert that will be used to sign the AC\&. .PP \fB\-hostkey\fR \fIfile\fR The key thet will be used to sign the AC\&. .PP \fB\-fqan\fR \fIfile\fR The string that will be included in the AC as the granted FQAN\&. .PP \fB\-newformat\fR .PP This forces the server to generate ACs in the new (correct) format\&. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version\&. .PP \fB\-newsubject\fR \fInewdn\fR .PP The created proxy will have newdn as subject rather than what is would normally have depending on the specific version of proxy created\&. Non\-printable characters may be specified via the '\\XX' encoding, where XX are two hexadecimal characters\&. .PP \fB\-newissuer\fR \fInewdn\fR .PP The created proxy will have newdn as issuer rather than what is would normally have depending on the specific version of proxy created\&. Non\-printable characters may be specified via the '\\XX' encoding, where XX are two hexadecimal characters\&. .PP \fB\-newserial\fR \fInewserial\fR .PP The created proxy will have the newserial as its serial number\&. The new serial number will have to be specified as an hex representation\&. Any length is possible\&. If this option is not specified, voms\-proxy\-fake will choose the serial number\&. .PP \fB\-pastac\fR \fItimespec\fR .PP The created AC will have its validity start in the past, as specified by timespec\&. .PP The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds .PP \fB\-pastproxy\fR \fItimespec\fR .PP The created proxy will have its validity start in the past as specified by timespec .PP The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds .PP \fB\-nscert\fR \fIbit,\&.\&.\&.,bit\fR .PP The created proxy will have the specified bits in the Netscape Certificate Extension\&. Acceptable values for bit are: client, server, email, objsign, sslCA, emailCA, objCA\&. The default value is not to have this extension\&. .PP \fB\-extkeyusage\fR \fIbit,\&.\&.\&.,bit\fR .PP The created proxy will have the specified bits in the Extended Key Usage Extension\&. Acceptable values for bit are: serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC, deltaCRL\&. The default value is not to have this extensions\&. .PP \fB\-keyusage\fR \fIbit,\&.\&.\&.,bit\fR .PP The created proxy will have the specified bits in the Key Usage Extensions\&. Acceptable values for bit are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly\&. The default value is to copy this extensions from the issuer certificate while removing the keyCertSign and nonRepudiation bits if present\&. .PP \fB\-selfsigned\fR .PP The created certificate will be a self\-signed certificate and have a CA=true bit in the Basic constraints Exception\&. .PP \fB\-extension\fR \fIoid[/criticality]value\fR .PP This option allows to specified additional extensions to be put in the created certificate\&. .PP oid is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. .PP criticality specifies whether the extensions is critical or not, and it must be either true or false\&. If absent, it defaults to false\&. .PP value is the value of the extensions\&. It is composed by two subfields, type and content\&. type is a single charater, and specifies how the content is interpreted\&. ':' means that content is a text string to be included as is\&. '~' means that content is an hex representation of the string\&. '+' means that content is the name of a file which will contain the actual data\&. .PP \fB\-acextension\fR \fIoid[/criticality]value\fR .PP This option allows to specified additional extensions to be put in the created attribute certificate\&. .PP oid is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. .PP criticality specifies whether the extensions is critical or not, and it must be either true or false\&. If absent, it defaults to false\&. .PP value is the value of the extensions\&. It is composed by two subfields, type and content\&. type is a single charater, and specifies how the content is interpreted\&. ':' means that content is a text string to be included as is\&. '~' means that content is an hex representation of the string\&. '+' means that content is the name of a file which will contain the actual data\&. .PP \fB\-ga\fR \fIid\fR = \fIvalue\fR \fI[(qualifier)]\fR .PP This option adds the generic attribute specified to the AC generated\&. Please note that spaces before and after the '=' char are swallowed in the command line\&. .PP \fB\-voinfo\fR \fIfile\fR .PP The file file contains informations for additional ACs that should be included in the created proxy\&. ACs specified via the \-voinfo option shall be added before ACs specified via the command line options\&. .PP The format of the file is the following: .PP [voname] .PP parameter=value .PP parameter=value .PP \&.\&.\&. .SH "BUGS" .PP EGEE Bug Tracking Tool: \fIhttps://savannah.cern.ch/projects/jra1mdw/\fR .SH "SEE ALSO" .PP voms\-proxy\-fake(1), voms\-proxy\-init(1), voms\-proxy\-info(1), voms\-proxy\-destroy(1) .PP EDT Auth Home page: \fIhttp://grid-auth.infn.it\fR .PP CVSweb: \fIhttp://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms\fR .PP RPM repository: \fIhttp://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3\fR .SH "AUTHORS" .PP Vincenzo Ciaschini \&. .PP Valerio Venturi \&. .SH "COPYRIGHT" .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at .PP www\&.apache\&.org/licenses/LICENSE\-2\&.0: \fIhttp://www.apache.org/licenses/LICENSE-2.0\fR .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&.