NAME¶
lcmaps_localaccount.mod - LCMAPS plugin to switch user identity
SYNOPSIS¶
lcmaps_localaccount.mod [
-gridmapfile gridmapfile]
DESCRIPTION¶
This plugin is an Acquisition Plugin and will provide the LCMAPS system with
Local Account credential information. To do this it needs to look up the
Distinguished Name (DN) from a user's certificate in the gridmapfile. If this
DN is found in the gridmapfile the plugin knows the mapped local (system)
account username. By knowing the username of the local account the plugin can
gather additional information about this account. The plugin will resolve the
UID, GID and all the secondary GIDs. When this has been done and there weren't
any problems detected, the plugin will add this information to a datastructure
in the Plugin Manager. The plugin will finish its run with a
LCMAPS_MOD_SUCCESS. This result will be reported to the Plugin Manager
which started this plugin and it will forward this result to the Evaluation
Manager, which will take appropriate actions for the next plugin to run.
Normally this plugin would be followed by an Enforcement plugin that can apply
these gathered credentials in a way that is appropriate to a system
administration's needs.
OPTIONS¶
- -gridmapfile gridmapfile
- When this option is set it will override the default path of the
gridmapfile. It is advised to use an absolute path to the gridmapfile to
avoid usage of the wrong file(path).
RETURN VALUES¶
- LCMAPS_MOD_SUCCESS
- Success.
- LCMAPS_MOD_FAIL
- Failure.
NOTES¶
Since version 1.6.0 the localaccount plugin supports grid-mapfile entries with
multiple usernames, separated by a comma without whitespace. This can be used
in combination with specifying a
requested username (such as by
gsissh), to pick any of these accounts. When no
requested username is
specified, the first is used. This requires LCMAPS version 1.6.0 or newer.
BUGS¶
Please report any errors to the Nikhef Grid Middleware Security Team
<grid-mw-security-support@nikhef.nl>.
SEE ALSO¶
lcmaps.db(5),
lcmaps(3).
AUTHORS¶
LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team
<grid-mw-security@nikhef.nl>.