1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
.TH myproxy-server 8 "2014-07-12" "MyProxy" "MyProxy"
.SH NAME
myproxy-server \- store credentials in an online repository
.SH SYNOPSIS
.B myproxy-server
[
.I options
]
.SH DESCRIPTION
The
.B myproxy-server
is a server that runs on a trusted, secure host and manages a database
of security credentials for use from remote sites. The
.BR myproxy-init (1)
program stores credentials with associated policies that specify
credential lifetimes and who is authorized to retrieve credentials. The
.BR myproxy-server.config (5)
file sets server-wide policies that are used in conjunction with the
policies set by
.BR myproxy-init (1)
to control who is authorized to store and retrieve credentials.
.SH OPTIONS
.TP
.B -h, --help
Displays command usage text and exits.
.TP
.B -u, --usage
Displays command usage text and exits.
.TP
.B -v, --verbose
Enables verbose debugging output to the terminal.
.TP
.B -V, --version
Displays version information and exits.
.TP
.B -d, --debug
Run the server in debug mode. In this mode, the server will run in
the foreground, will accept one connection, write log messages to the
terminal while processing the incoming request, and exit after
completing one request.
.TP
.BI -l " hostname/ipaddr, " --listen " hostname/ipaddr"
Specifies the hostname or IP address that the
.B myproxy-server
should listen (bind) to. Default: all interfaces on the localhost
.TP
.BI -p " port, " --port " port"
Specifies the TCP port number that the
.B myproxy-server
should listen on. Default: 7512
.TP
.BI -c " file, " --config " file"
Specifies the location of the
.B myproxy-server
configuration file. Default: /etc/myproxy-server.config or $GLOBUS_LOCATION/etc/myproxy-server.config
.TP
.BI -s " dir, " --storage " dir"
Specifies the location of the credential storage directory.
The directory must be accessible only by the user running the
.B myproxy-server
process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy
.SH FILES
.TP
.I /etc/myproxy-server.config
Default location of the server configuration file (see
.BR myproxy-server.config (5)).
If not found,
.I $GLOBUS_LOCATION/etc/myproxy-server.config
will be used.
An alternate location can be specified by using the
.B -c
option.
.TP
.I /var/lib/myproxy
Default location of the credential storage directory.
If not found,
.I /var/myproxy
or
.I $GLOBUS_LOCATION/var/myproxy
will be used.
If none of these directories exist, the myproxy-server will first attempt to create
.I /var/lib/myproxy
and if that fails will attempt to create
.I $GLOBUS_LOCATION/var/myproxy
and use that.
The directory must be accessible only by the user running the
.B myproxy-server
process for security reasons.
An alternate location can be specified by using the
.B -s
option.
.SH ENVIRONMENT
.TP
.B GLOBUS_LOCATION
Specifies the root of the MyProxy installation, used to find the
default location of the
.I myproxy-server.config
file and the credential storage directory.
.TP
.B LD_LIBRARY_PATH
The MyProxy server is typically linked dynamically with Globus
security libraries, which must be present in the dynamic linker's
search path. This typically requires
.I $GLOBUS_LOCATION/lib
to be included in the list in the
.B LD_LIBRARY_PATH
environment variable, which is set by the
.I $GLOBUS_LOCATION/libexec/globus-script-initializer
script, which should be called from any
.B myproxy-server
startup script.
Alternatively, to set
.B LD_LIBRARY_PATH
appropriately for the Globus libraries in an interactive shell, source
.I $GLOBUS_LOCATION/etc/globus-user-env.sh
(for sh shells) or
.I $GLOBUS_LOCATION/etc/globus-user.env.csh
(for csh shells).
.TP
.B MYPROXY_SERVER_PORT
Specifies the port where the
.BR myproxy-server (8)
is running. This environment variable can be used in place of the
.B -p
option.
.TP
.B X509_USER_CERT
Specifies an alternative location for the server's certificate. By
default, the server uses
.I /etc/grid-security/hostcert.pem
when running as root or
.I ~/.globus/usercert.pem
when running as non-root.
.TP
.B X509_USER_KEY
Specifies an alternative location for the server's private key. By
default, the server uses
.I /etc/grid-security/hostkey.pem
when running as root or
.I ~/.globus/userkey.pem
when running as non-root.
.TP
.B X509_USER_PROXY
Specifies an alternative location for the server's certificate and
private key (in the same file). Use when running the server with a
proxy credential. Note that the proxy will need to be periodically
renewed before expiration to allow the
.B myproxy-server
to keep functioning. When the
.B myproxy-server
runs with a non-host credential, clients must have the
.B MYPROXY_SERVER_DN
environment variable set to the distinguished name of the certificate
being used by the server.
.TP
.B X509_CERT_DIR
Specifies a non-standard location for the CA certificates directory.
.TP
.B MYPROXY_KEYBITS
Specifies the size for RSA keys generated by MyProxy.
By default, MyProxy generates 2048 bit RSA keys.
Set this environment variable to "1024" for 1024 bit RSA keys.
.SH AUTHORS
See
.B http://grid.ncsa.illinois.edu/myproxy/about
for the list of MyProxy authors.
.SH "SEE ALSO"
.BR myproxy-change-pass-phrase (1),
.BR myproxy-destroy (1),
.BR myproxy-get-trustroots (1),
.BR myproxy-info (1),
.BR myproxy-init (1),
.BR myproxy-logon (1),
.BR myproxy-retrieve (1),
.BR myproxy-store (1),
.BR myproxy-server.config (5),
.BR myproxy-admin-adduser (8),
.BR myproxy-admin-change-pass (8),
.BR myproxy-admin-load-credential (8),
.BR myproxy-admin-query (8)
|
