Provided by: lcmaps-plugins-voms_1.7.1-1ubuntu2_amd64

NAME

       lcmaps_voms_localaccount.mod  -  LCMAPS  plugin  to  switch  user  identity  based on VOMS
       credentials by local accounts

SYNOPSIS

       lcmaps_voms_localaccount.mod [-gridmapfile grid-mapfile]
       [--do-not-add-primary-gid-from-mapped-account]
       [--add-primary-gid-from-mapped-account]
       [--add-primary-gid-as-secondary-gid-from-mapped-account]
       [--do-not-add-secondary-gids-from-mapped-account]
       [--add-secondary-gids-from-mapped-account]
       [--use-voms-gid|--use_voms_gid|-use_voms_gid] [--use-account-gid]

DESCRIPTION

       This  VOMS  localaccount  acquisition  plugin  is  a  'VOMS-aware'  modification  of   the
       lcmaps_localaccount.mod.8  plugin.   The  plugin  tries  to  find  a  local  account (more
       specifically a UserID) based on the VOMS information that is  available  from  LCMAPS,  in
       particular the Fully Qualified Attribute Names (FQANs).

       It  will try to find a FQAN to local account name mapping in the grid-mapfile.  The plugin
       will resolve the UID, GID and all the secondary GIDs of the mapped local (system)  account
       username.

OPTIONS

       -gridmapfile grid-mapfile
              This file must contain FQANs to (local) user account name mappings.  It is strongly
              advised to set this option and to set it to an absolute path to avoid usage of  the
              wrong  file(path).  When unset, the plugin will try to obtain the value from one of
              the environment variables (see ENVIRONMENT). When those are also unset, the default
              depends  on  whether  the  plugin  runs  inside a (setuid-)root application. In the
              (setuid-)root  case,  the  default  is  /etc/grid-security/grid-mapfile.   In   the
              non-(setuid-)root  case,  the  default  is  <homedir>/.gridmap.  In a (setuid-)root
              application, relative paths are taken with respect to /etc/grid-security/.

       --do-not-add-primary-gid-from-mapped-account
              After the account is mapped, do NOT add the primary Group ID from the
              passwd-file/LDAP of the mapped account as a part of the mapping result.
              Default is to add the primary Group ID, unless --use-voms-gid is specified.
              See also --add-primary-gid-from-mapped-account,
              --add-primary-gid-as-secondary-gid-from-mapped-account and --use-voms-gid.

       --add-primary-gid-from-mapped-account
              After the account is mapped, add the primary Group ID from the passwd-file/LDAP  of
              the  mapped account as a part of the mapping result.  Default is to add the primary
              Group ID, unless --use-voms-gid is specified. See also
              --do-not-add-primary-gid-from-mapped-account,
              --add-primary-gid-as-secondary-gid-from-mapped-account and --use-voms-gid.

       --add-primary-gid-as-secondary-gid-from-mapped-account
              After the account is mapped, add the primary Group ID from the passwd-file/LDAP  of
              the  mapped  account  as  a  secondary  Group  ID  as  a part of the mapping result
              (possibly in addition to adding it as a primary Group ID).  Default is  to  add  it
              only  as  primary  Group ID. See also --do-not-add-primary-gid-from-mapped-account,
              --add-primary-gid-from-mapped-account and --use-voms-gid.

       --do-not-add-secondary-gids-from-mapped-account
              After the account is mapped, do NOT add the secondary Group ID(s) from the
              groups-file/LDAP of the mapped account as secondary Group ID(s) as a part of
              the mapping result. Default is to add the sGIDs, unless --use-voms-gid is
              specified. See also --add-secondary-gids-from-mapped-account and
              --use-voms-gid.

       --add-secondary-gids-from-mapped-account
              After the account is mapped, add the secondary Group ID(s) from the
              groups-file/LDAP of the mapped account as secondary Group ID(s) as a part of
              the mapping result. Default is to add the secondary Group ID(s), unless
              --use-voms-gid is specified. See also
              --do-not-add-secondary-gids-from-mapped-account and --use-voms-gid.

       --use-voms-gid|--use_voms_gid|-use_voms_gid
              By  default  this  plugin  will  add the primary and secondary Group ID(s) from the
              passwd-file/groups-file/LDAP of the mapped account as part of the  mapping  result.
              Specifying  this  option  will  override  that  default.  Part  or all of the group
              information can still be added by using the --add-* flags. We advise
              switching this option on by default. See also --use-account-gid.

       --use-account-gid
              This  option  has the opposite effect of the option --use-voms-gid, instructing the
              plugin to add the mapped account group information to the mapping result.  This  is
              currently already the default and hence this option has no effect. See also
              --use-voms-gid.

RETURN VALUES

       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure.

ENVIRONMENT

       GRIDMAP | GLOBUSMAP | globusmap | GlobusMap
              When no grid-mapfile is specified as an option to the plugin, it will try to
              obtain the file location from one of these environment variables.
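
       The lookup order described under -gridmapfile and ENVIRONMENT, modelled as an
       audit helper. This is an added example, not the plugin's own code: the function
       name, the returned tuple and the warning texts are hypothetical, and it assumes
       the environment variables are tried in the order listed above.

```python
import posixpath

ENV_VARS = ("GRIDMAP", "GLOBUSMAP", "globusmap", "GlobusMap")
ROOT_DIR = "/etc/grid-security/"


def resolve_gridmapfile(option, env, is_root, homedir):
    """Return (path, source, warnings) for the grid-mapfile the page describes.

    option  -- value given to -gridmapfile, or None when unset
    env     -- mapping of environment variables seen by the plugin
    is_root -- True when running inside a (setuid-)root application
    """
    warnings = []
    if option is not None:
        path, source = option, "option"
    else:
        # Assumption: variables are consulted in the order the page lists them.
        name = next((n for n in ENV_VARS if env.get(n)), None)
        if name is not None:
            path, source = env[name], "env:" + name
            warnings.append("path taken from environment variable " + name)
        else:
            if is_root:
                path = ROOT_DIR + "grid-mapfile"
            else:
                path = posixpath.join(homedir, ".gridmap")
            source = "default"
            warnings.append("-gridmapfile not set; using built-in default")
    if not posixpath.isabs(path):
        warnings.append("relative path: " + path)
        if is_root:
            # Page: in a (setuid-)root application relative paths are taken
            # with respect to /etc/grid-security/. Applying this to values
            # that came from the environment is an assumption.
            path = posixpath.join(ROOT_DIR, path)
    return path, source, warnings
```

       An empty warnings list corresponds to the configuration the page recommends:
       -gridmapfile set explicitly to an absolute path.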

NOTES

       Since  version  1.6.0  the  voms_localaccount  plugin  supports  grid-mapfile entries with
       multiple usernames, separated  by  a  comma  without  whitespace.  This  can  be  used  in
       combination with specifying a requested username (such as by gsissh), to pick any of these
       accounts. When no requested username is specified, the first is used. This requires LCMAPS
       version 1.6.0 or newer.
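
       The account selection described above for entries with multiple usernames, as an
       added example that is not the plugin's own code. The sample grid-mapfile is
       constructed, the function names are hypothetical, FQAN matching is simplified to
       an exact string match, and returning no mapping for a requested username outside
       the list is an assumption.

```python
import shlex

# Constructed sample grid-mapfile; FQANs and account names are made up.
SAMPLE = '''\
# FQAN                      local account(s)
"/dteam/Role=production"    dteamprd,dteamops
"/dteam"                    dteam001
"/atlas"                    atlas01, atlas02
'''


def parse_gridmap(text):
    """Return ({fqan: [accounts]}, [rejected line numbers])."""
    entries, rejected = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line, comments=True)
        if not fields:
            continue                      # blank line or comment
        if len(fields) != 2 or "" in fields[1].split(","):
            rejected.append(lineno)       # e.g. whitespace after a comma
            continue
        # Assumption: the first entry for an FQAN wins over later duplicates.
        entries.setdefault(fields[0], fields[1].split(","))
    return entries, rejected


def select_account(entries, fqan, requested=None):
    """Pick the local account for one FQAN, honouring a requested username."""
    accounts = entries.get(fqan)          # exact match only (simplification)
    if not accounts:
        return None
    if requested is None:
        return accounts[0]                # page: the first is used
    # Assumption: a requested name outside the list yields no mapping.
    return requested if requested in accounts else None
```

       The fourth sample line is rejected because the usernames are separated by a
       comma followed by whitespace, which the entry format above does not allow.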

BUGS

       Please report any errors to the Nikhef Grid Middleware Security Team
       <grid-mw-security-support@nikhef.nl>.

SEE ALSO

       lcmaps.db(5), lcmaps(3).

AUTHORS

       LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team
       <grid-mw-security@nikhef.nl>.