SYNOPSIS

htproxyput, htproxydestroy, htproxytime, htproxyunixtime, htproxyrenew [options] Service-URL

htproxyinfo [options]

DESCRIPTION

htproxyput is a client to perform GSI proxy delegations using the GridSite/gLite delegation Web Service portType. The gridsite-delegation(8) CGI program is the complementary server-side implementation.

htproxyinfo examines a local copy of a GSI proxy, and outputs a summary of its X.509 and VOMS contents.

OPTIONS

-v/--verbose

Turn on debugging information.

--delegation-id <ID>

Explicitly specify the Delegation ID to use.

--destroy

Instead of delegating a proxy, delete the proxy from the service's proxy cache. Calling the program as htproxydestroy has the same effect.

--time

Instead of delegating a proxy, report the expiration time of the proxy, in the local time of the client. Calling the program as htproxytime has the same effect.

--unixtime

Instead of delegating a proxy, report the expiration time of the proxy, as the number of seconds since 00:00:00 1970-01-01 UTC. Calling the program as htproxyunixtime has the same effect.

--renew

Delegate an updated version of an existing proxy. The Delegation ID must be given when using this option. Calling the program as htproxyrenew has the same effect.

--info

Examine a local proxy file, and output a summary of the X.509 certificates and VOMS attributes it contains. Calling the program as htproxyinfo has the same effect.

--cert <X.509 cert path> and --key <X.509 key path>

Path to the PEM-encoded X.509 or GSI Proxy user certificate and key to use for HTTPS connections, intead of "anonymous mode." If only one of --key or --cert is given, then that will be tried for both. If neither is given, then the following order of precedence is used: the file name held by the variable X509_USER_PROXY; the file /tmp/x509up_uID (with Unix UID equal to ID); the file names held by X509_USER_CERT / X509_USER_KEY; the files ~/.globus/usercert.pem and ~/.globus/userkey.pem (where ~/ is the home directory of the user.)

--capath <X.509 CA root certs directory or file>

Path to the PEM-encoded CA root certificates to use when verifying remote servers' host certificates in HTTPS connections. Ideally this should be a directory of hash.0 files as described in the OpenSSL verify(1) man page, but a file may be used instead. If --capath is not given, the value of the environment variable X509_CERT_DIR will be tried. If this is not valid, then /etc/grid-security/certificates will be used.

--no-verify

Do not use CA root certificates to verify remote servers' host certificates. This is useful for testing sites before their certificate is set up properly, but leaves you vulnerable to "man in the middle" attacks by hostile servers masquerading as your target.

FILES

/tmp/x509up_uID

Default GSI Proxy file for Unix UID equal to ID.

/etc/grid-security/certificates

Default location for trusted Certification Authority root certificates to use when checking server certificates.

/tmp/.ca-roots-XXXXXX

Prior to 7.9.8, the underlying curl library did not support the CA root certificates directory. If built with an old version of libcurl, htproxyput will concatenate the certificates in the CA roots directory into a unique temporary file and use that.

TO DO

Better error recovery.

AUTHOR

Andrew McNab <[email protected]>

htproxyput is part of GridSite: http://www.gridsite.org/