Software Links
Getting Started
- Doc Structure
- A Globus Primer
- Quickstart
- Installing GT
- Platform Notes
- Migrating from GT2
- Migrating from GT3
Reference
- PDF version
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces
- Resource Properties
- Samples
- Glossary
- Index
- Performance Studies
Common Runtime
Security
Data Mgt
Information Svcs
Execution Mgt
Name
cas-remove — Unenroll a trust anchor
Synopsis
cas-remove
Tool description
To unenroll a trust anchor, the user must have cas/unenroll permission on that trust anchor. The trust anchor must also be unused (that is, there may not be any users in the database that have this trust anchor or it may not be a part of any object group).
Command syntax
casAdmin$ cas-remove [options] trustAnchor nickname
where:
Table 48. cas-remove options
|
nickname | The nickname of the trust anchor to be unenrolled. If the trust anchor nickname specified does not exist, an error is not thrown. If the unenroll operation is successful all policy data on that trust anchor is purged. | |||
| Common options | The following options are common to all CAS command-line tools | |||
| -a, --anonymous | Enables anonymous authentication. Only supported with transport security or the GSI Secure Conversation authentication mechanism. | |||
| -c, --serverCertificate <file> | Specifies the server's certificate file used for encryption. Only needed for the GSI Secure Message authentication mechanism. | |||
| -debug |
Debug: To run the client with debug message traces and error stack traces, the -debug flag must be used. | |||
| -f, --descriptor <file> | Specifies a client security descriptor. Overrides all other security settings. | |||
| -help |
Usage: The -help flag prints the usage message for the client. | |||
| -l, --contextLifetime <value> | Sets the lifetime of the client security context. value is in milliseconds. Only supported with the GSI Secure Conversation authentication mechanism. | |||
| -m, --securityMech <type> | Specifies the authentication mechanism. type can be 'msg' for GSI Secure Message, or 'conv' for GSI Secure Conversation. | |||
| -p, --protection <type> | Specifies the protection level. type can be 'sig' for signature or 'enc' for encryption. | |||
| -x, --proxyFilename <value> | Sets the proxy file to use as client credential. | |||
-s cas-url | CAS Service URL: This option can be used to set the CAS Service instance, where cas-url is the URL of the CAS service instance. Alternatively, an environment variable can be set as shown here. The instance URL typically looks like http://Host:Port/wsrf/services/CASService, where Host and Port are the host and port where the container with the CAS service is running. | |||
| -z authorization | CAS Service Identity: This option can be used to set the expected CAS server identity, where server-identity is the identity of the CAS service. Alternatively, an environment variable can be set as shown here. If neither is set, host authorization is done and the expected server credential is cas/<fqdn>, where <fqdn> is the fully qualified domain name of the host on which the CAS service is up.
| |||
| -v |
Version number: The -v flag prints the version number. | |||
|
![[Note]](/docbook-images/note.gif)