lcmaps_localaccount.mod(8)
LCMAPS plugin to switch user identity
SYNOPSIS
lcmaps_localaccount.mod [-gridmapfile gridmapfile]
DESCRIPTION
This plugin is an Acquisition Plugin and provides the LCMAPS system
with Local Account credential information. To do this it looks up the
Distinguished Name (DN) from a user's certificate in the gridmapfile.
If the DN is found in the gridmapfile, the plugin knows the mapped
local (system) account username. Knowing the username of the local
account, the plugin can gather additional information about this
account: it resolves the UID, the GID and all the secondary GIDs. When
this has been done and no problems were detected, the plugin adds this
information to a data structure in the Plugin Manager. The plugin then
finishes its run with LCMAPS_MOD_SUCCESS. This result is reported to
the Plugin Manager which started this plugin, and it forwards the
result to the Evaluation Manager, which takes appropriate actions for
the next plugin to run. Normally this plugin is followed by an
Enforcement plugin that can apply the gathered credentials in a way
that is appropriate to a system administration's needs.
OPTIONS
-gridmapfile gridmapfile
    When this option is set it overrides the default path of the gridmapfile.
    It is advised to use an absolute path to the gridmapfile to avoid using the wrong file (path).
RETURN VALUES
LCMAPS_MOD_SUCCESS
    Success.
LCMAPS_MOD_FAIL
    Failure.
NOTES
Since version 1.6.0 the localaccount plugin supports grid-mapfile entries with
multiple usernames, separated by a comma without whitespace. This can be used in
combination with specifying a requested username (such as by gsissh), to
pick any of these accounts. When no requested username is specified, the
first is used. This requires LCMAPS version 1.6.0 or newer.
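
The lookup and selection rules described above, as an added Python example for auditing a grid-mapfile before deploying it; this is not LCMAPS code. The sample DNs and account names are constructed, and the exact DN comparison, first-matching-line rule, '#' comment handling and refusal of a requested username that is not listed are assumptions of this example.

```python
import os
import pwd
import re

# Constructed sample grid-mapfile; DNs and account names are made up.
SAMPLE_GRIDMAP = '''\
# DN                                   local account(s)
"/DC=org/DC=example/CN=Alice Example" alice
"/DC=org/DC=example/CN=Bob Example" bob,bobprod,bobtest
"/DC=org/DC=example/CN=Carol Example" carol, carolprod
'''

# Quoted DN, whitespace, then one whitespace-free username list.
ENTRY = re.compile(r'^"([^"]+)"\s+(\S+)$')


def parse_gridmap(text):
    """Return ([(dn, [usernames])], [line numbers that could not be parsed])."""
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        m = ENTRY.match(line)
        names = m.group(2).split(",") if m else []
        if not m or "" in names:
            rejected.append(lineno)  # e.g. whitespace inside the username list
            continue
        entries.append((m.group(1), names))
    return entries, rejected


def select_account(entries, dn, requested=None):
    """First username when none is requested, else the requested one if listed."""
    for entry_dn, names in entries:
        if entry_dn == dn:  # assumption: exact match, first matching line wins
            if requested is None:
                return names[0]
            return requested if requested in names else None  # assumption: refuse
    return None


def resolve_account(username):
    """Return (uid, gid, secondary_gids) for a local account, or None if unknown."""
    try:
        pw = pwd.getpwnam(username)
    except KeyError:
        return None
    groups = os.getgrouplist(username, pw.pw_gid)
    return pw.pw_uid, pw.pw_gid, sorted(g for g in groups if g != pw.pw_gid)
```

Rejected line numbers point at entries that would not map as intended, such as a username list containing whitespace.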
BUGS
Please report any errors to the Nikhef Grid Middleware Security Team <[email protected]>.
AUTHORS
LCMAPS and the LCMAPS plug-ins were written by the Grid Middleware Security Team <[email protected]>.