Provided by: lcmaps-plugins-voms_1.6.2-2_amd64 bug

NAME

       lcmaps_voms_localaccount.mod  -  LCMAPS  plugin  to  switch  user  identity  based on VOMS
       credentials by local accounts

SYNOPSIS

       lcmaps_voms_localaccount.mod [-gridmapfile gridmapfile] [--add-primary-gid-from-mapped-
       account] [--do-not-add-primary-gid-from-mapped-account] [--add-primary-gid-as-secondary-
       gid-from-mapped-account] [--add-secondary-gids-from-mapped-account] [-use_voms_gid|-use-
       voms-gid]

DESCRIPTION

       This   VOMS  localaccount  acquisition  plugin  is  a  'VOMS-aware'  modification  of  the
       lcmaps_localaccount.mod.8 plugin.   The  plugin  tries  to  find  a  local  account  (more
       specifically  a  UserID) based on the VOMS information that has available from the LCMAPS,
       in particular the Fully Qualified Attribute Names (FQAN).

       The VOMS credentials need to be available from the LCMAPS framework.

OPTIONS

       -gridmapfile gridmapfile
              This file must contain FQANs to (local) user account names.  If this option is set,
              it  will  override  the  default  path of the gridmapfile.  It is advised to use an
              absolute path to the gridmapfile to avoid usage of the wrong file(path).

       --add-primary-gid-from-mapped-account
              After the account is mapped, add the primary Group ID from the passwd-file/LDAP  of
              the  mapped  account  as  a  part  of the mapping result. Default is to not add the
              primary Group ID.

       --do-not-add-primary-gid-from-mapped-account
              After the account is mapped, explicitly avoid adding the primary Group ID from  the
              passwd-file/LDAP of the mapped account as a part of the mapping result.. Default is
              to not add the primary Group ID.

       --add-primary-gid-as-secondary-gid-from-mapped-account
              After the account is mapped, add the primary Group ID from the passwd-file/LDAP  of
              the mapped account as a secondary Group ID as a part of the mapping result.

       --add-secondary-gids-from-mapped-account
              After  the  account is mapped, add the secondary Group ID from the groups-file/LDAP
              of the mapped account as a secondary Group ID(s) as a part of the mapping result.

       -use_voms_gid|-use-voms-gid
              Warning: Default enabled!  Switching this on will disable the  automatic  inclusion
              of  the  primary Group ID and secondary Group ID(s) of the mapped account as a part
              of the mapping result.  We advise to switch this option on by default.

RETURN VALUES

       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure.

NOTES

       Since version 1.6.0  the  voms_localaccount  plugin  supports  grid-mapfile  entries  with
       multiple  usernames,  separated  by  a  comma  without  whitespace.  This  can  be used in
       combination with specifying a  requested username  (such as by gsissh),  to  pick  any  of
       these accounts. When no  requested username is specified, the first is used. This requires
       LCMAPS version 1.6.0 or newer.

BUGS

       Please report any errors to the Nikhef Grid Middleware  Security  Team  <grid-mw-security-
       support@nikhef.nl>.

SEE ALSO

       lcmaps.db(5), lcmaps(3).

AUTHORS

       LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team <grid-mw-
       security@nikhef.nl>.