lcmaps_localaccount.mod

LCMAPS_LOCALACCOUNT.MOD(8)    Site Access Control   LCMAPS_LOCALACCOUNT.MOD(8)



NAME
       lcmaps_localaccount.mod - LCMAPS plugin to switch user identity

SYNOPSIS
       lcmaps_localaccount.mod [-gridmapfile grid-mapfile]

DESCRIPTION
       This plugin is an acquisition plugin and will provide the LCMAPS system
       with Local Account credential information.  The plugin tries to find a
       local account (more specifically a UserID) based on the Distinguished
       Name (DN) of the user's end-entity certificate.

       It will try to find a DN to local account name mapping in the grid-
       mapfile.  The plugin will resolve the UID, GID and all the secondary
       GIDs of the mapped local (system) account username.


OPTIONS
       -gridmapfile grid-mapfile
              This file must contain DNs to (local) user account name
              mappings.  It is strongly advised to set this option and to set
              it to an absolute path to avoid usage of the wrong file(path).
              When unset, the plugin will try to obtain the value from one of
              the environment variables (see ENVIRONMENT). When those are also
              unset, the default depends on whether the plugin runs inside a
              (setuid-)root application. In the (setuid-)root case, the
              default is /etc/grid-security/grid-mapfile.  In the
              non-(setuid-)root case, the default is <homedir>/.gridmap. If
              that latter default does not exist, the plugin will return the
              account information of the calling user.  In a (setuid-)root
              application, relative paths are taken with respect to /etc/grid-
              security/.


RETURN VALUES
       LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure.


ENVIRONMENT
       GRIDMAP | GLOBUSMAP | globusmap | GlobusMap
              When no grid-mapfile is specified as option to the plugin, it
              will try to obtain the file location from one of these
              environment variables.


NOTES
       Since version 1.6.0 the localaccount plugin supports grid-mapfile
       entries with multiple usernames, separated by a comma without
       whitespace. This can be used in combination with specifying a requested
       username (such as by gsissh), to pick any of these accounts. When no
       requested username is specified, the first is used. This requires
       LCMAPS version 1.6.0 or newer.

BUGS
       Please report any errors to the Nikhef Grid Middleware Security Team
       <grid-mw-security-support@nikhef.nl>.

SEE ALSO
       lcmaps.db(5), lcmaps(3).

AUTHORS
       LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware
       Security Team <grid-mw-security@nikhef.nl>.



Stichting FOM/Nikhef           February 6, 2015     LCMAPS_LOCALACCOUNT.MOD(8)