SYNOPSIS
lcas_voms.mod -vomsdir <vomsdir> -certdir <certdir> -authfile <authorization file> [-authformat <format of the authorization file>]
This plugin forms the link between the VOMS data found in the user grid credential (X509 certificate) and the lcas system. It will retrieve the VOMS data by using the VOMS API. The VOMS data will be checked against either a (simple) gridmap style file, a GACL-file or an XACML-file in order for the user job to be authorized on the site.
OPTIONS
-VOMSDIR <vomsdir>
See -vomsdir
-vomsdir <vomsdir>
This is the directory which contains the certificates of the VOMS servers.
-CERTDIR <certdir>
See -certdir
-certdir <certdir>
This is the directory which contains the CA certificates.
-authfile <authorization file>
In this file the authorization/access control based on VOMS information is specified. The format of this file is 'simple' (gridmap style), 'gacl' or 'xacml'. The format can be specified explicitly with the option -authformat; otherwise it is derived from the suffix of the authorization file (.gacl and .xacml for the 'gacl' and 'xacml' formats, otherwise 'simple').
-authformat <format of the authorization file>
Format of the authorization file, values: gacl/GACL, xacml/XACML or simple.
-gacl_use_voms_dn [yes|no|always]
GACL specific. This option specifies if the voms DN, found in the user certificate, should be included in the user gacl credential. Default is 'yes'. The following arguments are recognized:
yes: For each VO-GROUP-ROLE combination found in the user certificate two gacl credentials are created: one with and one without the voms DN. In this way the user is also authorized if in the gacl in the authorization file the voms DN is not included (better if it is, though).
always: For each VO-GROUP-ROLE combination found in the user certificate only a gacl credential is created with the voms DN.
no: For each VO-GROUP-ROLE combination found in the user certificate a gacl credential is created without the voms DN.
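The following sketch is an added example, not code from LCAS: it checks a plugin argument string against the options documented above before deployment, resolving the effective authorization-file format and flagging settings that create gacl credentials without the voms DN. The function names, the warning texts, the sample paths and the rejection of options not listed on this page are assumptions of the example.

```python
import shlex

# Options documented on this page (upper-case spellings are aliases); others are rejected.
ALIASES = {"-VOMSDIR": "-vomsdir", "-CERTDIR": "-certdir"}
KNOWN = {"-vomsdir", "-certdir", "-authfile", "-authformat", "-gacl_use_voms_dn"}
FORMATS = ("gacl", "GACL", "xacml", "XACML", "simple")
# Constructed sample argument string; the paths are placeholders.
SAMPLE = "-VOMSDIR /tmp/vomsdir -CERTDIR /tmp/certs -authfile /tmp/voms.gacl"

def parse_args(argline):
    """Split a plugin argument string into {option: value}."""
    tokens = shlex.split(argline)
    if len(tokens) % 2:
        raise ValueError("every option takes exactly one value")
    opts = {}
    for name, value in zip(tokens[::2], tokens[1::2]):
        name = ALIASES.get(name, name)
        if name not in KNOWN:
            raise ValueError(f"unknown option {name}")
        opts[name] = value
    return opts

def suffix_format(authfile):
    """Format derived from the file suffix, as described under -authfile."""
    return next((f for f in ("gacl", "xacml") if authfile.endswith("." + f)), "simple")

def lint(argline):
    """Return (effective_format, warnings) for one argument string."""
    opts = parse_args(argline)
    warnings = [f"missing {o}" for o in ("-vomsdir", "-certdir", "-authfile") if o not in opts]
    derived = suffix_format(opts.get("-authfile", ""))
    explicit = opts.get("-authformat")
    if explicit is not None and explicit not in FORMATS:
        warnings.append(f"invalid -authformat {explicit}")
        explicit = None
    fmt = explicit.lower() if explicit else derived
    if explicit and fmt != derived:
        warnings.append(f"-authformat {fmt} differs from suffix format {derived}")
    dn_mode = opts.get("-gacl_use_voms_dn")
    if dn_mode is not None and dn_mode not in ("yes", "no", "always"):
        warnings.append(f"invalid -gacl_use_voms_dn {dn_mode}")
    elif dn_mode is not None and fmt != "gacl":
        warnings.append("-gacl_use_voms_dn is GACL specific")
    elif fmt == "gacl" and dn_mode != "always":  # default is 'yes'
        warnings.append(f"-gacl_use_voms_dn {dn_mode or 'yes'} creates credentials without the VOMS DN")
    return fmt, warnings

if __name__ == "__main__":
    print(lint(SAMPLE))
```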
SEE ALSO
lcas_userallow.mod, lcas_userban.mod, lcas_timeslots.mod,