cas-wrap
Prev GT 4.1.0 CAS Command Reference Next

Name

cas-wrap — Runs program with CAS credentials

Synopsis

cas-wrap

Tool description

The cas-wrap program runs a grid-enabled program, causing it to use previously-generated CAS credentials.

Command syntax

        cas-wrap [-t tag | -p proxyfile ] command args

Command options

cas-wrap invokes the given command with the given argument using the specified previously-generated CAS credential. For example: 

        % cas-wrap -t my-community gsincftp myhost.edu

will look for a credential generated by a previous execution of: 

% cas-proxy-init -t my-community

and then set the environment to use that credential while running the command: 

% gsincftp myhost.edu

The second form should be used if cas-proxy-init was run with the -p option. For example: 

% cas-wrap -p /path/to/my/cas/credential gsincftp myhost.edu

will look for a credential generated by a previous execution of: 

% cas-proxy-init -p /path/to/my/cas/credential

and then set the environment to use that credential while running the command: 

% gsincftp myhost.edu

Table 46. cas-wrap options

Common options The following options are common to all CAS command-line tools
-a, --anonymous

Enables anonymous authentication. Only supported with transport security or the GSI Secure Conversation authentication mechanism.

-c, --serverCertificate <file>

Specifies the server's certificate file used for encryption. Only needed for the GSI Secure Message authentication mechanism.

-debug

Debug: To run the client with debug message traces and error stack traces, the -debug flag must be used.

-f, --descriptor <file>

Specifies a client security descriptor. Overrides all other security settings.

-help

Usage: The -help flag prints the usage message for the client.

-l, --contextLifetime <value>

Sets the lifetime of the client security context. value is in milliseconds. Only supported with the GSI Secure Conversation authentication mechanism.

-m, --securityMech <type>

Specifies the authentication mechanism. type can be 'msg' for GSI Secure Message, or 'conv' for GSI Secure Conversation.

-p, --protection <type>

Specifies the protection level. type can be 'sig' for signature or 'enc' for encryption.

-x, --proxyFilename <value>

Sets the proxy file to use as client credential.

-s cas-url

CAS Service URL: This option can be used to set the CAS Service instance, where cas-url is the URL of the CAS service instance. Alternatively, an environment variable can be set as shown here.

The instance URL typically looks like http://Host:Port/wsrf/services/CASService, where Host and Port are the host and port where the container with the CAS service is running.

-z authorization

CAS Service Identity: This option can be used to set the expected CAS server identity, where server-identity is the identity of the CAS service. Alternatively, an environment variable can be set as shown here. If neither is set, host authorization is done and the expected server credential is cas/<fqdn>, where <fqdn> is the fully qualified domain name of the host on which the CAS service is up.

[Note]Note

If the service being contacted is using GSI Secure Transport, then the container credentials configured for the service will be used, even if service/resource level credentials are configured. Hence authorization needs to be done based on the DN of the container credentials.

-v

Version number: The -v flag prints the version number.

[Note]Note

If you have a asterisk (*) in your command, you might have to escape it with backslash.

 
Prev Up Next
cas-proxy-init Home cas-enroll