voms plugin

Main Page Modules Data Structures File List Data Fields Globals Related Pages

voms plugin

SYNOPSIS

lcas_voms.mod -vomsdir <vomsdir> -certdir <certdir> -authfile <authorization file> [-authformat <format of the authorization file>]

This plugin forms the link between the VOMS data found in the user grid credential (X509 certificate) and the lcas system. It will retrieve the VOMS data by using the VOMS API. The VOMS data will be checked against either a (simple) gridmap style file, a GACL-file or an XACML-file in order for the user job to be authorized on the site.

OPTIONS

-VOMSDIR <vomsdir>

See -vomsdir

-vomsdir <vomsdir>

This is the directory which contains the certificates of the VOMS servers

-CERTDIR <certdir>

See -certdir

-certdir <certdir>

This is the directory which contains the CA certificates

-authfile <authorization file>

In this file the authorization/access control based on VOMS information is specified. The format of this file is 'simple' (gridmap style), 'gacl' or 'xacml', which can be specified explicitly with the option -authformat or will be derived form the suffix of the authorization file (.gacl and .xacml for 'gacl' and 'xacml' formats, otherwise 'simple').

-authformat <format of the authorization file>

Format of the autorization file, values: gacl/GACL, xacml/XACML or simple.

-gacl_use_voms_dn [yes|no|always]

GACL specific. This option specifies if the voms DN, found in the user certificate, should be included in the user gacl credential. Default is 'yes'. The following arguments are recognized:

yes : For each VO-GROUP-ROLE combination found in the user certificate two gacl credentials are created: one with and one without the voms DN. In this way the user is also authorized if in the gacl in the authorization file the voms DN is not included (better if it is, though).
always : For each VO-GROUP-ROLE combination found in the user certificate only a gacl credential is created with the voms DN.
no : For each VO-GROUP-ROLE combination found in the usercertificate a gacl credential is created without the voms DN.

-use_user_dn

If this option is set also user proxies without voms information will be processed. If the user dn of the proxy is present in the gacl or gridmapfile, the user is authorized by this plugin.

RETURN VALUES

LCAS_MOD_SUCCESS : Success
LCAS_MOD_FAIL : Failure

ERRORS

See bugzilla for known errors (http://marianne.in2p3.fr/datagrid/bugzilla/)

voms plugin

SYNOPSIS

DESCRIPTION

OPTIONS

-VOMSDIR <vomsdir>

-vomsdir <vomsdir>

-CERTDIR <certdir>

-certdir <certdir>

-authfile <authorization file>

-authformat <format of the authorization file>

-gacl_use_voms_dn [yes|no|always]

-use_user_dn

RETURN VALUES

ERRORS

SEE ALSO