Provided by: lcmaps-plugins-basic-localaccount_1.7.1-1_amd64 bug

NAME
       lcmaps_localaccount.mod - LCMAPS plugin to switch user identity


SYNOPSIS
       lcmaps_localaccount.mod [-gridmapfile grid-mapfile]


DESCRIPTION
       This  plugin  is  an  acquisition plugin and will provide the LCMAPS system with Local Account credential
       information.  The plugin tries to find a  local  account  (more  specifically  a  UserID)  based  on  the
       Distinguished Name (DN) of the user's end-entity certificate.

       It  will try to find a DN to local account name mapping in the grid-mapfile.  The plugin will resolve the
       UID, GID and all the secondary GIDs of the mapped local (system) account username.


OPTIONS
       -gridmapfile grid-mapfile
              This file must contain DNs to (local) user account name mappings.  It is strongly advised  to  set
              this option and to set it to an absolute path to avoid usage of the wrong file(path).  When unset,
              the plugin will try to obtain the value from one of the environment variables  (see  ENVIRONMENT).
              When  those  are also unset, the default depends on whether the plugin runs inside a (setuid-)root
              application. In the (setuid-)root case, the default is  /etc/grid-security/grid-mapfile.   In  the
              non-(setuid-)root  case, the default is <homedir>/.gridmap. If that latter default does not exist,
              the plugin will  return  the  account  information  of  the  calling  user.   In  a  (setuid-)root
              application, relative paths are taken with respect to /etc/grid-security/.


RETURN VALUES
       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure.


ENVIRONMENT
       GRIDMAP | GLOBUSMAP | globusmap | GlobusMap
              When no grid-mapfile is specified as option to the plugin, it will try to obtain the file location
              from one of these environment variables.


NOTES
       Since version 1.6.0 the localaccount  plugin  supports  grid-mapfile  entries  with  multiple  usernames,
       separated  by  a  comma  without  whitespace. This can be used in combination with specifying a requested
       username (such as by gsissh), to pick any of these accounts. When no requested username is specified, the
       first is used. This requires LCMAPS version 1.6.0 or newer.


BUGS
       Please   report   any   errors   to   the   Nikhef   Grid  Middleware  Security  Team  <grid-mw-security-
       support@nikhef.nl>.


SEE ALSO
       lcmaps.db(5), lcmaps(3).


AUTHORS
       LCMAPS  and  the  LCMAPS  plug-ins  were  written  by  the  Grid  Middleware  Security   Team   <grid-mw-
       security@nikhef.nl>.