.TH LCMAPS_LOCALACCOUNT.MOD 8 "February 6, 2015" "Stichting FOM/Nikhef" "Site Access Control"
.SH NAME
lcmaps_localaccount.mod \- LCMAPS plugin to switch user identity
.SH SYNOPSIS
.nh
.ad l
.B lcmaps_localaccount.mod
.RB [ \-gridmapfile
.IR grid-mapfile ]
.hy
.ad b
.SH DESCRIPTION
This plugin is an acquisition plugin and will provide the LCMAPS system with
Local Account credential information.
The plugin tries to find a local account (more specifically a UserID) based on
the Distinguished Name (DN) of the user's end-entity certificate.
It will try to find a DN to local account name mapping in the grid-mapfile.
The plugin will resolve the UID, GID and all the secondary GIDs of the mapped
local (system) account username.
.SH OPTIONS
.TP
.BI "\-gridmapfile " grid-mapfile
This file must contain DN to (local) user account name mappings.
It is strongly advised to set this option, and to set it to an absolute path,
to avoid use of the wrong file or path.
When unset, the plugin will try to obtain the value from one of the environment
variables (see \fBENVIRONMENT\fR). When those are also unset, the default
depends on whether the plugin runs inside a (setuid-)root application. In the
(setuid-)root case, the default is \fI/etc/grid-security/grid-mapfile\fR.
In the non-(setuid-)root case, the default is \fI<homedir>/.gridmap\fR. If the
latter default file does not exist, the plugin will return the account
information of the calling user.
In a (setuid-)root application, relative paths are taken with respect to
\fI/etc/grid-security/\fR.
.SH RETURN VALUES
.TP
.B LCMAPS_MOD_SUCCESS
Success.
.TP
.B LCMAPS_MOD_FAIL
Failure.
.SH ENVIRONMENT
.TP
GRIDMAP | GLOBUSMAP | globusmap | GlobusMap
When no grid-mapfile is specified as an option to the plugin, it will try to
obtain the file location from one of these environment variables.
.SH NOTES
Since version 1.6.0 the localaccount plugin supports grid-mapfile entries
with multiple usernames, separated by a comma without whitespace. This can be
used in combination with specifying a \fBrequested username\fR (such as by
gsissh), to pick any of these accounts. When no \fBrequested username\fR is
specified, the first is used. This requires LCMAPS version 1.6.0 or newer.
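.PP
The account selection described above, as an added example that is not part of
the LCMAPS code. It assumes each entry is a double-quoted DN followed by
whitespace and the account list, that the first entry for a DN wins, and that a
requested username missing from the entry gives no mapping; the function names
and the sample file are constructed for illustration.
.PP
.nf
```python
import shlex

# Constructed sample grid-mapfile; DNs and account names are made up.
SAMPLE = """# site grid-mapfile
"/DC=org/DC=example/CN=Alice Example" alice,gridops
"/DC=org/DC=example/CN=Bob Example" bob
"/DC=org/DC=example/CN=Carol Example" carol, shared
"""

def parse_gridmap(text):
    """Return ({dn: [accounts]}, [(line number, problem)])."""
    mapping, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)
        except ValueError:
            problems.append((lineno, "unbalanced quote"))
            continue
        # Whitespace next to a comma splits the account list into extra fields.
        if len(fields) != 2 or "" in fields[1].split(","):
            problems.append((lineno, "need a quoted DN and one account list without whitespace"))
            continue
        # Assumption: the first entry for a DN wins.
        mapping.setdefault(fields[0], fields[1].split(","))
    return mapping, problems

def select_account(mapping, dn, requested=None):
    """Pick the local account name for dn, or None when there is no mapping."""
    accounts = mapping.get(dn)
    if not accounts:
        return None
    if requested is None:
        return accounts[0]  # no requested username: the first account is used
    # Assumption: a requested username outside the entry gives no mapping.
    return requested if requested in accounts else None

if __name__ == "__main__":
    mapping, problems = parse_gridmap(SAMPLE)
    alice = "/DC=org/DC=example/CN=Alice Example"
    print(select_account(mapping, alice), select_account(mapping, alice, "gridops"))
    print(problems)
```
.fi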
.SH BUGS
Please report any errors to the Nikhef Grid Middleware Security Team
<grid-mw-security-support@nikhef.nl>.
.SH SEE ALSO
.BR lcmaps.db (5),
.BR lcmaps (3).
.SH AUTHORS
LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team
<grid-mw-security@nikhef.nl>.