NAME

       lcmaps_voms_localaccount.mod  -  LCMAPS plugin to switch user identity based on VOMS credentials by local
       accounts

SYNOPSIS

       lcmaps_voms_localaccount.mod [-gridmapfile gridmapfile] [--add-primary-gid-from-mapped-account] [--do-
       not-add-primary-gid-from-mapped-account] [--add-primary-gid-as-secondary-gid-from-mapped-account] [--add-
       secondary-gids-from-mapped-account] [-use_voms_gid|-use-voms-gid]

DESCRIPTION

       This VOMS localaccount acquisition plugin is a 'VOMS-aware' modification of the lcmaps_localaccount.mod.8
       plugin.  The plugin tries to find a local account (more specifically a UserID) based on the VOMS informa‐
       tion that has available from the LCMAPS, in particular the Fully Qualified Attribute Names (FQAN).

       The VOMS credentials need to be available from the LCMAPS framework.

OPTIONS

       -gridmapfile gridmapfile
              This file must contain FQANs to (local) user account names.  If this option is set, it will  over‐
              ride  the  default path of the gridmapfile.  It is advised to use an absolute path to the gridmap‐
              file to avoid usage of the wrong file(path).

       --add-primary-gid-from-mapped-account
              After the account is mapped, add the primary Group ID from the passwd-file/LDAP of the mapped  ac‐
              count as a part of the mapping result. Default is to not add the primary Group ID.

       --do-not-add-primary-gid-from-mapped-account
              After  the  account  is  mapped,  explicitly  avoid  adding  the primary Group ID from the passwd-
              file/LDAP of the mapped account as a part of the mapping result.. Default is to not add the prima‐
              ry Group ID.

       --add-primary-gid-as-secondary-gid-from-mapped-account
              After the account is mapped, add the primary Group ID from the passwd-file/LDAP of the mapped  ac‐
              count as a secondary Group ID as a part of the mapping result.

       --add-secondary-gids-from-mapped-account
              After  the  account  is mapped, add the secondary Group ID from the groups-file/LDAP of the mapped
              account as a secondary Group ID(s) as a part of the mapping result.

       -use_voms_gid|-use-voms-gid
              Warning: Default enabled!  Switching this on will disable the automatic inclusion of  the  primary
              Group  ID and secondary Group ID(s) of the mapped account as a part of the mapping result.  We ad‐
              vise to switch this option on by default.

RETURN VALUES

       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure.

NOTES

       Since version 1.6.0 the voms_localaccount plugin supports grid-mapfile entries with  multiple  usernames,
       separated  by  a  comma  without whitespace. This can be used in combination with specifying a  requested
       username  (such as by gsissh), to pick any of these accounts. When no  requested username  is  specified,
       the first is used. This requires LCMAPS version 1.6.0 or newer.

BUGS

       Please   report   any   errors  to  the  Nikhef  Grid  Middleware  Security  Team  <grid-mw-security-sup‐
       port@nikhef.nl>.

SEE ALSO

       lcmaps.db(5), lcmaps(3).

AUTHORS

       LCMAPS and the LCMAPS plug-ins were  written  by  the  Grid  Middleware  Security  Team  <grid-mw-securi‐
       ty@nikhef.nl>.

Stichting FOM/Nikhef                            February 25, 2013                LCMAPS_VOMS_LOCALACCOUNT.MOD(8)