Software Links
Getting Started
- A Globus Primer
- Globus Is Modular!
- Quickstart
- Installing GT
- Platform Notes
- GT Developer's Guide
- GT User's Guide
- Migrating Guides
Reference
Manuals
Common Runtime
Security
- GSI C
- GSI Java
- Java WS A&A
- C WS A&A (coming soon)
- CAS
- Delegation Service
- MyProxy
- GSI-OpenSSH
- SimpleCA
Data Mgt
WS MDS
Execution Mgt
Name
grid-proxy-init — Generate a new proxy certificate
Synopsis
grid-proxy-init
Tool description
grid-proxy-init generates X.509 proxy certificates.
By default, this command generates RFC 3820 Proxy Certificates.
There are also options available for generating other types of proxy certificates, including limited, independent and legacy. For more information about proxy certificate types and their compatibility in GT, see http://dev.globus.org/wiki/Security/ProxyCertTypes.
Options
Table 2. Command line options
| -help, -usage | Displays usage. |
| -version | Displays version. |
| -debug | Enables extra debug output. |
| -q | Quiet mode, minimal output. |
| -verify | Verifies the certificate to make the proxy for. |
| -pwstdin | Allows passphrase from stdin. |
| -limited | Creates a limited globus proxy. |
| -independent | Creates an independent globus proxy. |
| -draft | Creates a draft (GSI-3) proxy. |
| -old | Creates a legacy globus proxy. |
| -valid <h:m> | Proxy is valid for h hours and m minutes (default:12:00). |
| -hours <hours> | Deprecated support of hours option. |
| -bits <bits> | Number of bits in key {512|1024|2048|4096}. |
| -policy <policyfile> | File containing the policy to store in the ProxyCertInfo extension. |
| -pl <oid>, -policy-language <oid> | OID string for the policy language used in the policy file. |
| -path-length <l> | Allows a chain of at most 1 proxies to be generated from this one. |
| -cert <certfile> | Non-standard location of user certificate. |
| -key <keyfile> | Non-standard location of user key. |
| -certdir <certdir> | Non-standard location of trusted cert directory. |
| -out <proxyfile> | Non-standard location of new proxy cert. |
Creating a Proxy Certificate
Proxies are certificates signed by the user, or by another proxy, that do not require a password to submit a job. They are intended for short-term use, when the user is submitting many jobs and cannot be troubled to repeat his password for every job.
The subject of a proxy certificate is the same as the subject of the certificate that signed it, with /CN=proxy added to the name. The gatekeeper will accept any job requests submitted by the user, as well as any proxies he has created.
Proxies provide a convenient alternative to constantly entering passwords, but are also less secure than the user's normal security credential. Therefore, they should always be user-readable only, and should be deleted after they are no longer needed (or after they expire).
To create a proxy with the default expiration (12 hours), run the grid-proxy-init program. For example:
% grid-proxy-init
The grid-proxy-init program can also take arguments to specify the expiration and proxy key length. For example:
% grid-proxy-init -hours 8 -bits 512