logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

lcmaps_localaccount.mod - LCMAPS plugin to switch user identity

Contents

Authors

       LCMAPS  and  the  LCMAPS  plug-ins  were  written  by  the Grid Middleware Security Team <grid-mw-securi‐
       ty@nikhef.nl>.

Stichting FOM/Nikhef                            February 6, 2015                      LCMAPS_LOCALACCOUNT.MOD(8)

Bugs

       Please  report  any  errors  to  the  Nikhef  Grid  Middleware   Security   Team   <grid-mw-security-sup‐
       port@nikhef.nl>.

Description

       This plugin is an acquisition plugin and will provide the LCMAPS system with Local Account credential in‐
       formation.   The  plugin  tries to find a local account (more specifically a UserID) based on the Distin‐
       guished Name (DN) of the user's end-entity certificate.

       It will try to find a DN to local account name mapping in the grid-mapfile.  The plugin will resolve  the
       UID, GID and all the secondary GIDs of the mapped local (system) account username.

Environment

       GRIDMAP | GLOBUSMAP | globusmap | GlobusMap
              When no grid-mapfile is specified as option to the plugin, it will try to obtain the file location
              from one of these environment variables.

Name

       lcmaps_localaccount.mod - LCMAPS plugin to switch user identity

Notes

       Since  version 1.6.0 the localaccount plugin supports grid-mapfile entries with multiple usernames, sepa‐
       rated by a comma without whitespace. This can be used in combination with specifying a requestedusername
       (such as by gsissh), to pick any of these accounts. When no requestedusername is specified, the first is
       used. This requires LCMAPS version 1.6.0 or newer.

Options

-gridmapfilegrid-mapfile
              This  file  must contain DNs to (local) user account name mappings.  It is strongly advised to set
              this option and to set it to an absolute path to avoid usage of the wrong file(path).  When unset,
              the plugin will try to obtain the value from one of the environment variables  (see  ENVIRONMENT).
              When  those  are also unset, the default depends on whether the plugin runs inside a (setuid-)root
              application. In the (setuid-)root case, the default is  /etc/grid-security/grid-mapfile.   In  the
              non-(setuid-)root  case, the default is <homedir>/.gridmap. If that latter default does not exist,
              the plugin will return the account information of the calling user.  In a  (setuid-)root  applica‐
              tion, relative paths are taken with respect to /etc/grid-security/.

Return Values

LCMAPS_MOD_SUCCESS
              Success.

       LCMAPS_MOD_FAIL
              Failure.

See Also

lcmaps.db(5), lcmaps(3).

Synopsis

lcmaps_localaccount.mod [-gridmapfilegrid-mapfile]

See Also

Man Pages
lcmaps Man Pages
Plugin
Plugin PNG Icons
Grid
Grid PNG Icons
Man Pages
lcmaps_voms_localaccount.mod Man Pages
Accounting
Accounting PNG Icons
TLDR
Mapfile - read arrays from standard input Tldr
Local
Local PNG Icons
User
User PNG Icons
Man Pages
The following list categorizes the known issues and irregularities with running Podman as a non Man Pages
← View System admin Category← Back to Miscellaneous diversions🙏  Credits & Acknowledgments