htproxydestroy (1) - Linux Manuals
htproxydestroy: GSI proxy delegations and querying, using GridSite/gLite delegation API
NAME
htproxyput, htproxydestroy, htproxytime, htproxyunixtime, htproxyrenew - GSI proxy delegations and querying, using GridSite/gLite delegation APISYNOPSIS
htproxyput, htproxydestroy, htproxytime, htproxyunixtime, htproxyrenew [options] Service-URLhtproxyinfo [options]
DESCRIPTION
htproxyput is a client to perform GSI proxy delegations using the GridSite/gLite delegation Web Service portType. The gridsite-delegation(8) CGI program is the complementary server-side implementation.htproxyinfo examines a local copy of a GSI proxy, and outputs a summary of its X.509 and VOMS contents.
OPTIONS
- -v/--verbose
-
Turn on debugging information.
- --delegation-id <ID>
-
Explicitly specify the Delegation ID to use.
- --destroy
-
Instead of delegating a proxy, delete the proxy from the service's proxy
cache. Calling the program as htproxydestroy has the same effect.
- --time
-
Instead of delegating a proxy, report the expiration time of the proxy,
in the local time of the client. Calling the program as htproxytime has the
same effect.
- --unixtime
-
Instead of delegating a proxy, report the expiration time of the proxy, as
the number of seconds since 00:00:00 1970-01-01 UTC. Calling the program as
htproxyunixtime has the same effect.
- --renew
-
Delegate an updated version of an existing proxy. The Delegation ID
must
be given when using this option. Calling the program as htproxyrenew has the
same effect.
- --info
-
Examine a local proxy file, and output a summary of the X.509 certificates
and VOMS attributes it contains. Calling the program as htproxyinfo has the
same effect.
- --cert <X.509 cert path> and --key <X.509 key path>
-
Path to the PEM-encoded
X.509 or GSI Proxy user certificate and key to use for HTTPS
connections, instead of "anonymous mode." If only one of --key or --cert
is given, then that will be tried for both. If neither is given, then the
following order of precedence is used:
the file name held by the variable X509_USER_PROXY; the file
/tmp/x509up_uID (with Unix UID equal to ID); the file names held by
X509_USER_CERT / X509_USER_KEY; the files ~/.globus/usercert.pem and
~/.globus/userkey.pem (where ~/ is the home directory of the user.)
- --capath <X.509 CA root certs directory or file>
-
Path to the PEM-encoded CA root certificates to use when
verifying remote servers' host certificates in HTTPS connections. Ideally
this should be a directory of hash.0 files as described in the OpenSSL
verify(1) man page, but a file may be used instead. If --capath is not
given, the value of the environment variable X509_CERT_DIR will be tried.
If this is not valid, then /etc/grid-security/certificates will be used.
- --no-verify
-
Do not use CA root certificates to verify remote servers' host certificates.
This is useful for testing sites before their certificate is set up properly,
but leaves you vulnerable to "man in the middle" attacks by hostile servers
masquerading as your target.
FILES
- /tmp/x509up_uID
-
Default GSI Proxy file for Unix UID equal to ID.
- /etc/grid-security/certificates
-
Default location for trusted Certification Authority root certificates to use
when checking server certificates.
- /tmp/.ca-roots-XXXXXX
-
Prior to 7.9.8, the underlying curl library did not support the CA root
certificates directory.
If built with an old version of libcurl, htproxyput will concatenate the
certificates in the CA roots directory into a unique temporary file and use
that.
ENVIRONMENT
- X509_CERT_DIR
-
Holds directory to search for Certification Authority root certificates when
verifying server certificates. (Tried if --capath is not given on the
command line.)
- X509_USER_PROXY
-
Holds file name of a GSI Proxy to use as user certificate. (Tried if --cert or
--key are not given on the command line.)
- X509_USER_CERT and X509_USER_KEY
-
Holds file name of X.509 user certificate and key. (Tried if X509_USER_PROXY
is not valid.)
EXIT CODES
0 is returned on complete success, and non-zero on error.TO DO
Better error recovery.AUTHOR
Andrew McNab <Andrew.McNab [at] manchester.ac.uk>htproxyput is part of GridSite: http://www.gridsite.org/