NAME
lcmaps_ban_fqan.mod - LCMAPS plugin to ban a user based on any of its FQANs
SYNOPSIS
lcmaps_ban_fqan.mod [-banmapfile banning file]
[-no_wildcard|-disablewildcard]
DESCRIPTION
This plugin is a banning plugin: it provides the LCMAPS system with a
credential banning feature based on VOMS FQANs. It reads a grid-mapfile
and checks whether any of the registered FQANs appears in it. If that is the
case, the plugin fails with LCMAPS_MOD_FAIL. If no FQAN appears in the
banning file, the plugin finishes with LCMAPS_MOD_SUCCESS.
When there are no FQANs (including the case where the VOMS
credentials have expired), the plugin also finishes with
LCMAPS_MOD_SUCCESS (versions before 1.6.2 would incorrectly fail in those
cases).
OPTIONS
- -banmapfile ban-mapfile
  This option sets the path to the banning file, which contains the list of
  FQANs that the plugin must ban. It is strongly advised to set an
  absolute path to the ban-mapfile to avoid using the wrong file (path).
  In a (setuid-)root application, relative paths are taken with respect to
  /etc/grid-security/.
- -no_wildcard, -disablewildcard
  When this option is set, the plugin only matches exact FQANs, i.e.
  /dteam* will not match.
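The two options above are easy to misconfigure together. The following added example (not part of LCMAPS or of the original page) audits a plugin argument string and a ban-mapfile for a relative -banmapfile path and for wildcard entries that will not match once wildcards are disabled. The function names, the sample data, and the assumption that each ban-mapfile line starts with an optionally quoted FQAN are this example's own.

```python
import posixpath
import shlex

# Base directory for relative paths in a (setuid-)root application, per the text above.
ROOT_BASE = "/etc/grid-security/"

def parse_ban_entries(ban_text):
    """Return the first field of every non-comment line.
    Assumption: grid-mapfile style, one (optionally quoted) FQAN first on each line."""
    entries = []
    for line in ban_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(shlex.split(line)[0])
    return entries

def audit_ban_fqan(plugin_args, ban_text):
    """Return a list of findings for one lcmaps_ban_fqan.mod argument string."""
    args = shlex.split(plugin_args)
    findings = []
    # Only look at -banmapfile when it is followed by a value.
    if "-banmapfile" in args[:-1]:
        path = args[args.index("-banmapfile") + 1]
        if not posixpath.isabs(path):
            findings.append("relative -banmapfile %r resolves to %s in a (setuid-)root application"
                            % (path, posixpath.join(ROOT_BASE, path)))
    if "-no_wildcard" in args or "-disablewildcard" in args:
        for entry in parse_ban_entries(ban_text):
            if "*" in entry:
                findings.append("wildcard entry %r will not match: only exact FQANs are matched"
                                % entry)
    return findings

# Constructed sample data, not taken from a real site.
SAMPLE_BAN_FILE = '''# banned FQANs (constructed)
"/dteam*"
"/atlas/Role=production"
'''

if __name__ == "__main__":
    for finding in audit_ban_fqan("-banmapfile ban-mapfile -no_wildcard", SAMPLE_BAN_FILE):
        print("WARNING:", finding)
```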
RETURN VALUES
- LCMAPS_MOD_SUCCESS
  Success.
- LCMAPS_MOD_FAIL
  Failure or banned.
BUGS
Please report any errors to the Nikhef Grid Middleware Security Team
<grid-mw-security-support@nikhef.nl>.
AUTHORS
LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team
<grid-mw-security@nikhef.nl>.