NAME

       lcmaps_ban_fqan.mod - LCMAPS plugin to ban a user based on any of its FQANs

SYNOPSIS

       lcmaps_ban_fqan.mod [-banmapfile banning file] [-no_wildcard|-disablewildcard]

DESCRIPTION

       This  plugin  is  a  banning  plugin  and will provide the LCMAPS system with a credential
       banning feature based on VOMS FQANs.  It will read a grid-mapfile and check whether any of
       the  registered  FQANs  appears  on  it. If that is the case, the plug-in will fail with a
       LCMAPS_MOD_FAIL.  If the plugin succeeds and no FQAN  appears  in  the  banning  file  the
       plugin will finish with a LCMAPS_MOD_SUCCESS

       When  there  are  no FQANs (including in the case when the VOMS credentials have expired),
       the  plugin  also  finishes  with  an  LCMAPS_MOD_SUCCESS  (versions  before  1.6.2  would
       incorrectly fail in those cases).

OPTIONS

       -banmapfile ban-mapfile
              This  option  sets  the  path  to the banning file which contains the list of FQANs
              which must be banned by the plugin.  It is strongly advised to set an absolute path
              to  the  ban-mapfile  to  avoid  usage  of the wrong file(path). In a (setuid-)root
              application, relative paths are taken with respect to /etc/grid-security/.

       -no_wildcard, -disablewildcard
              When this option is set the plug-in will only match exact FQANs, i.e. /dteam*  will
              not match.

RETURN VALUES

       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure or banned.

BUGS

       Please  report  any  errors to the Nikhef Grid Middleware Security Team <grid-mw-security-
       support@nikhef.nl>.

SEE ALSO

       lcmaps.db(5), lcmaps(3).

AUTHORS

       LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team <grid-mw-
       security@nikhef.nl>.