Software Links
Getting Started
- Doc Structure
- A Globus Primer
- Quickstart
- Installing GT
- Platform Notes
- Migrating from GT2
- Migrating from GT3
Reference
- PDF version
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces
- Resource Properties
- Samples
- Glossary
- Index
- Performance Studies
Common Runtime
Security
Data Mgt
Information Svcs
Execution Mgt
Name
cas-enroll — Enroll a trust anchor
Synopsis
cas-enroll
Tool description
To enroll a trust anchor, the user must have cas/enroll_trustAnchor permission on that cas server object (that is, the user must have permission to perform the enroll_trustAnchor action on the CAS service type). The enroll operation allows the user to choose a user group to which cas/grantAll permission on the enrolled object should be granted. The nickname should be unique across the CAS database and is used to refer to this trust anchor.
Command syntax
casAdmin$ cas-enroll [options] trustAnchor userGpName nickname authMethod authData
where:
Table 47. cas-enroll options
|
userGpName |
The user group to which cas/grantAll permission should be granted on this trust anchor entity. | |||
|
nickname |
The trust anchor nickname. | |||
|
authMethod | The authentication method used by the trust anchor. | |||
|
authData | Data used for authentication, typically the DN. | |||
| Common options | The following options are common to all CAS command-line tools | |||
| -a, --anonymous | Enables anonymous authentication. Only supported with transport security or the GSI Secure Conversation authentication mechanism. | |||
| -c, --serverCertificate <file> | Specifies the server's certificate file used for encryption. Only needed for the GSI Secure Message authentication mechanism. | |||
| -debug |
Debug: To run the client with debug message traces and error stack traces, the -debug flag must be used. | |||
| -f, --descriptor <file> | Specifies a client security descriptor. Overrides all other security settings. | |||
| -help |
Usage: The -help flag prints the usage message for the client. | |||
| -l, --contextLifetime <value> | Sets the lifetime of the client security context. value is in milliseconds. Only supported with the GSI Secure Conversation authentication mechanism. | |||
| -m, --securityMech <type> | Specifies the authentication mechanism. type can be 'msg' for GSI Secure Message, or 'conv' for GSI Secure Conversation. | |||
| -p, --protection <type> | Specifies the protection level. type can be 'sig' for signature or 'enc' for encryption. | |||
| -x, --proxyFilename <value> | Sets the proxy file to use as client credential. | |||
-s cas-url | CAS Service URL: This option can be used to set the CAS Service instance, where cas-url is the URL of the CAS service instance. Alternatively, an environment variable can be set as shown here. The instance URL typically looks like http://Host:Port/wsrf/services/CASService, where Host and Port are the host and port where the container with the CAS service is running. | |||
| -z authorization | CAS Service Identity: This option can be used to set the expected CAS server identity, where server-identity is the identity of the CAS service. Alternatively, an environment variable can be set as shown here. If neither is set, host authorization is done and the expected server credential is cas/<fqdn>, where <fqdn> is the fully qualified domain name of the host on which the CAS service is up.
| |||
| -v |
Version number: The -v flag prints the version number. | |||
|
![[Note]](/docbook-images/note.gif)