NAME

       lcmaps_ban_fqan.mod - LCMAPS plugin to ban a user based on any of its FQANs

SYNOPSIS

       lcmaps_ban_fqan.mod [-banmapfile banning file] [-no_wildcard|-disablewildcard]

DESCRIPTION

       This  plugin  is  a  banning  plugin and will provide the LCMAPS system with a credential banning feature
       based on VOMS FQANs.  It will read a grid-mapfile and check whether any of the registered  FQANs  appears
       on  it. If that is the case, the plug-in will fail with a LCMAPS_MOD_FAIL.  If the plugin succeeds and no
       FQAN appears in the banning file the plugin will finish with a LCMAPS_MOD_SUCCESS

       When there are no FQANs (including in the case when the VOMS credentials have expired), the  plugin  also
       finishes with an LCMAPS_MOD_SUCCESS (versions before 1.6.2 would incorrectly fail in those cases).

OPTIONS

       -banmapfile ban-mapfile
              This  option  sets  the  path  to  the banning file which contains the list of FQANs which must be
              banned by the plugin.  It is strongly advised to set an absolute path to the ban-mapfile to  avoid
              usage  of  the  wrong  file(path).  In  a (setuid-)root application, relative paths are taken with
              respect to /etc/grid-security/.

       -no_wildcard, -disablewildcard
              When this option is set the plug-in will only match exact FQANs, i.e. /dteam* will not match.

RETURN VALUES

       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure or banned.

BUGS

       Please  report  any  errors  to   the   Nikhef   Grid   Middleware   Security   Team   <grid-mw-security-
       support@nikhef.nl>.

SEE ALSO

       lcmaps.db(5), lcmaps(3).

AUTHORS

       LCMAPS   and   the  LCMAPS  plug-ins  were  written  by  the  Grid  Middleware  Security  Team  <grid-mw-
       security@nikhef.nl>.

Stichting FOM/Nikhef                            February 9, 2015                          LCMAPS_BAN_FQAN.MOD(8)