man myproxy-server (8): store credentials in an online repository

SYNOPSIS

myproxy-server [ options ]

DESCRIPTION

The myproxy-server is a server that runs on a trusted, secure host and manages a database of security credentials for use from remote sites. The myproxy-init(1) program stores credentials with associated policies that specify credential lifetimes and who is authorized to retrieve credentials. The myproxy-server.config(5) file sets server-wide policies that are used in conjunction with the policies set by myproxy-init(1) to control who is authorized to store and retrieve credentials.

OPTIONS

-h, --help: Displays command usage text and exits.
-u, --usage: Displays command usage text and exits.
-v, --verbose: Enables verbose debugging output to the terminal.
-V, --version: Displays version information and exits.
-d, --debug: Run the server in debug mode. In this mode, the server will run in the foreground, will accept one connection, write log messages to the terminal while processing the incoming request, and exit after completing one request.
-l hostname/ipaddr, --listen hostname/ipaddr: Specifies the hostname or IP address that the myproxy-server should listen (bind) to. Default: all interfaces on the localhost
-p port, --port port: Specifies the TCP port number that the myproxy-server should listen on. Default: 7512
-c file, --config file: Specifies the location of the myproxy-server configuration file. Default: /etc/myproxy-server.config or $GLOBUS_LOCATION/etc/myproxy-server.config
-s dir, --storage dir: Specifies the location of the credential storage directory. The directory must be accessible only by the user running the myproxy-server process for security reasons. Default: /var/lib/myproxy or /var/myproxy or $GLOBUS_LOCATION/var/myproxy

FILES

/etc/myproxy-server.config: Default location of the server configuration file (see myproxy-server.config(5)). If not found, $GLOBUS_LOCATION/etc/myproxy-server.config will be used. An alternate location can be specified by using the -c option.
/var/lib/myproxy: Default location of the credential storage directory. If not found, /var/myproxy or $GLOBUS_LOCATION/var/myproxy will be used. If none of these directories exist, the myproxy-server will first attempt to create /var/lib/myproxy and if that fails will attempt to create $GLOBUS_LOCATION/var/myproxy and use that. The directory must be accessible only by the user running the myproxy-server process for security reasons. An alternate location can be specified by using the -s option.

ENVIRONMENT

GLOBUS_LOCATION: Specifies the root of the MyProxy installation, used to find the default location of the myproxy-server.config file and the credential storage directory.
GLOBUS_USAGE_OPTOUT: Setting this environment variable to "1" will disable the reporting of usage metrics.
LD_LIBRARY_PATH: The MyProxy server is typically linked dynamically with Globus security libraries, which must be present in the dynamic linker's search path. This typically requires $GLOBUS_LOCATION/lib to be included in the list in the LD_LIBRARY_PATH environment variable, which is set by the $GLOBUS_LOCATION/libexec/globus-script-initializer script, which should be called from any myproxy-server startup script. Alternatively, to set LD_LIBRARY_PATH appropriately for the Globus libraries in an interactive shell, source $GLOBUS_LOCATION/etc/globus-user-env.sh (for sh shells) or $GLOBUS_LOCATION/etc/globus-user.env.csh (for csh shells).
MYPROXY_SERVER_PORT: Specifies the port where the myproxy-server(8) is running. This environment variable can be used in place of the -p option.
X509_USER_CERT: Specifies an alternative location for the server's certificate. By default, the server uses /etc/grid-security/hostcert.pem when running as root or ~/.globus/usercert.pem when running as non-root.
X509_USER_KEY: Specifies an alternative location for the server's private key. By default, the server uses /etc/grid-security/hostkey.pem when running as root or ~/.globus/userkey.pem when running as non-root.
X509_USER_PROXY: Specifies an alternative location for the server's certificate and private key (in the same file). Use when running the server with a proxy credential. Note that the proxy will need to be periodically renewed before expiration to allow the myproxy-server to keep functioning. When the myproxy-server runs with a non-host credential, clients must have the MYPROXY_SERVER_DN environment variable set to the distinguished name of the certificate being used by the server.
X509_CERT_DIR: Specifies a non-standard location for the CA certificates directory.
MYPROXY_KEYBITS: Specifies the size for RSA keys generated by MyProxy. By default, MyProxy generates 2048 bit RSA keys. Set this environment variable to "1024" for 1024 bit RSA keys.

AUTHORS

See http://grid.ncsa.illinois.edu/myproxy/about for the list of MyProxy authors.