Software Links
Getting Started
- A Globus Primer
- Globus Is Modular!
- Quickstart
- Installing GT
- Platform Notes
- GT Developer's Guide
- GT User's Guide
- Migrating Guides
Reference
Manuals
Common Runtime
Security
- GSI C
- GSI Java
- Java WS A&A
- C WS A&A (coming soon)
- CAS
- Delegation Service
- MyProxy
- GSI-OpenSSH
- SimpleCA
Data Mgt
WS MDS
Execution Mgt
Name
cas-remove — Remove a CAS object from the database
Synopsis
cas-remove [common options] trustAnchor nickname cas-remove [common options] namespace nickname cas-remove [common options] object objName namespaceNick cas-remove [common options] serviceType serviceTypeName
Tool description
Removing Trust Anchors
To remove a trust anchor, the user must have cas/remove permission on that trust anchor. The trust anchor must also be unused (that is, there may not be any users in the database that have this trust anchor or it may not be a part of any object group).
To remove trust anchors:
casAdmin$cas-remove [options] trustAnchornickname
where:
nicknameIndicates the nickname of the trust anchor to be unenrolled.
If the trust anchor nickname specified does not exist, an error is not thrown. If the unenroll operation is successful, all policy data on that trust anchor is purged.
Removing Namespaces
To remove a namespace, the user must have cas/remove permission on that namespace. The namespace must also be unused — that is, there may not be any object in the database that belongs to this namespace.
casAdmin$cas-remove [options] namespacenickname
where:
nicknameIndicates the nickname of the namespace to be unenrolled.
If the namespace nickname specified does not exist, an error is not thrown. If the remove operation is successful, all policy data on that trust anchor is purged.
Removing Objects
To remove an object the user must have cas/remove permission on that object. The object must also be unused — that is, there may not be any object group in the database that this object belongs to.
casAdmin$cas-remove [options] objectobjNamenamespaceNick
where:
objName- Indicates the name of the object to be removed.
namespaceNickIndicates the nickname of the namespace to which this object belongs.
If the object specified does not exist, an error is not thrown. If the remove operation is successful, all policy data on that object is purged.
Removing Service Types
To remove a service type the user must have cas/remove permission on that service type. The service type must also be unused — that is, there may not be any service type to action mapping.
casAdmin$cas-remove [options] serviceTypeserviceTypeName
where:
serviceTypeNameIndicates the service type name.
If the service type specified does not exist, an error is not thrown. If the remove operation is successful, all policy data on that service type is purged.
Options
Important
If you have an asterisk (*) in your command, you might need to escape it with a backslash ( \ ).
- -a, --anonymous
Enables anonymous authentication. Only supported with transport security or the GSI Secure Conversation authentication mechanism.
- -c, --serverCertificate
<file> Specifies the server's certificate file used for encryption. Only needed for the GSI Secure Message authentication mechanism.
- -debug
Runs the client with debug message traces and error stack traces.
- -f, --descriptor
<file> Specifies a client security descriptor. Overrides all other security settings.
- -help
Prints the usage message for the client.
- -l, --contextLifetime
<value> Sets the lifetime of the client security context.
valueis in milliseconds. Only supported with the GSI Secure Conversation authentication mechanism.- -m, --securityMech
<type> Specifies the authentication mechanism. The value
typecan be:msgfor GSI Secure Message, orconvfor GSI Secure Conversation.
- -p, --protection
<type> Specifies the protection level.
typecan be:sigfor signature, orencfor encryption.
- -s
cas-url Sets the CAS Service instance, where
cas-urlis the URL of the CAS service instance. Alternatively, an environment variable can be set as shown here.The instance URL typically looks like
http://Host:Port/wsrf/services/CASService, whereHostandPortare the host and port where the container with the CAS service is running.- -v
Prints the version number.
- -x, --proxyFilename
<value> Sets the proxy file to use as client credential.
- -z
authorization Specifies the type of authorization used, such as
selforhost.If you cannot use a standard method for authorization, you can use the specific CAS server's identity as the value.
Alternatively, an environment variable can be set as shown here.
If none of the above are set, host authorization is done by default and the expected server credential is
cas/, where<fqdn><fqdn>is the fully qualified domain name of the host on which the CAS service is up.![[Note]](/docbook-images/note.gif)
Note If the service being contacted is using GSI Secure Transport , then the container credentials configured for the service will be used, even if service/resource level credentials are configured. Hence authorization needs to be done based on the DN of the container credentials.