myproxy-admin-adduser(8)            MyProxy           myproxy-admin-adduser(8)

NAME

       myproxy-admin-adduser - add a user or service credential

SYNOPSIS

       myproxy-admin-adduser [ options ]

       myproxy-admin-addservice [ options ]

DESCRIPTION

       The  myproxy-admin-adduser and myproxy-admin-addservice commands create
       a new credential for a user or service and load  it  into  the  MyProxy
       repository.   They  are  perl(1)  scripts that run grid-cert-request (a
       standard Globus Toolkit program) and grid-ca-sign (from the Globus Sim-
       ple  CA  package)  to create the credential and then run myproxy-admin-
       load-credential(8) to load the credential into the MyProxy  repository.

       The  command prompts for the common name to be included in the new cer-
       tificate (if the -c argument is not specified), the  Globus  Simple  CA
       key  password for signing the certificate, the MyProxy username (if the
       -l or -d arguments are not specified), and the MyProxy  passphrase  for
       the  credential.  Most of the command-line options for this command are
       passed directly to the myproxy-admin-load-credential(8) command.

       The grid-ca-sign program is not provided in the  MyProxy  distribution.
       It must be installed separately, from the Globus Simple CA package.

OPTIONS

       -h     Displays command usage text and exits.

       -u     Displays command usage text and exits.

       -c cn  Specifies  the  Common Name for the new credential (for example:
              "Jim Basney").

       -s dir Specifies the location of the credential storage directory.  The
              directory  must  be  accessible  only  by  the  user running the
              myproxy-server   process   for   security   reasons.    Default:
              /var/myproxy or $GLOBUS_LOCATION/var/myproxy

       -l username
              Specifies  the MyProxy account under which the credential should
              be stored.

       -t hours
              Specifies the maximum lifetime of credentials retrieved from the
              myproxy-server(8)  using  the  stored  credential.   Default: 12
              hours

       -n     Disables passphrase authentication for  the  stored  credential.
              If  specified, the command will not prompt for a passphrase, the
              credential will not be encrypted by a passphrase in the  reposi-
              tory,   and   the  credential  will  not  be  retrievable  using
              passphrase authentication with myproxy-logon(1).  This option is
              used for storing renewable credentials and is implied by -R.

       -d     Use the certificate subject (DN) as the username.

       -a     Allow  credentials to be retrieved with just pass phrase authen-
              tication.  By default, only entities with credentials that match
              the   myproxy-server.config(5)   default  retriever  policy  may
              retrieve  credentials.   This  option  allows  entities  without
              existing  credentials to retrieve a credential using pass phrase
              authentication by including "anonymous" in the  set  of  allowed
              retrievers.   The  myproxy-server.config(5)  server-wide  policy
              must also allow "anonymous" clients for this option to  have  an
              effect.

       -A     Allow  credentials to be renewed by any client.  Any client with
              a valid credential with a subject name that matches  the  stored
              credential may retrieve a new credential from the MyProxy repos-
              itory if this option is given.  Since this  effectively  defeats
              the  purpose  of  proxy  credential  lifetimes, it is not recom-
              mended.  It is included only for sake of completeness.

       -r dn  Allow the specified entity to retrieve credentials.  By default,
              the argument will be matched against the common name (CN) of the
              client (for example: "Jim  Basney").   Specify  -x  before  this
              option  to  match  against the full distinguished name (DN) (for
              example: "/C=US/O=National Computational Science Alliance/CN=Jim
              Basney") instead.

       -R dn  Allow  the  specified  entity to renew credentials.  By default,
              the argument will be matched against the common name (CN) of the
              client (for example: "condorg/modi4.ncsa.uiuc.edu").  Specify -x
              before this option to match against the full distinguished  name
              (DN)   (for  example:  "/C=US/O=National  Computational  Science
              Alliance/CN=condorg/modi4.ncsa.uiuc.edu") instead.  This  option
              implies  -n since passphrase authentication is not used for cre-
              dential renewal.

       -x     Specifies that the DN used by options -r and -R will be  matched
              as a regular expression.

       -X     Specifies  that the DN used by options -r and -R will be matched
              against the Common Name (CN) of the subject.

       -k name
              Specifies the credential name.

       -K description
              Specifies credential description.

EXIT STATUS

       0 on success, >0 on error

AUTHORS

       Bill Baker, Jim Basney,  Shiva  Shankar  Chetan,  Patrick  Duda,  Jarek
       Gawor,  Monte Goode, Daniel Kouril, Zhenmin Li, Jason Novotny, Miroslav
       Ruda, Benjamin Temko, and Von Welch

SEE ALSO

       myproxy-change-pass-phrase(1),   myproxy-destroy(1),   myproxy-info(1),
       myproxy-init(1),    myproxy-logon(1),   myproxy-retrieve(1),   myproxy-
       store(1),    myproxy-server.config(5),    myproxy-admin-change-pass(8),
       myproxy-admin-load-credential(8),    myproxy-admin-query(8),   myproxy-
       server(8)



NCSA                               2007-5-30          myproxy-admin-adduser(8)
Man(1) output converted with man2html