next up previous
Next: Installation Up: Guide to LCMAPS Previous: Guide to LCMAPS


The Gridification subtask of WP4 of the European Datagrid project interfaces the local fabric to other middleware components by a number of services, among which the Local Centre Authorization Service (LCAS) handles authorization requests to the local computing fabric and the Local Credential Mapping Service (LCMAPS) provides all local credentials needed for jobs allowed into the fabric. This document describes a prototype version of LCMAPS, which is the second component released by the Gridification subtask, the first being LCAS.

Initially LCMAPS will only be used by the gatekeeper running on a Computing Element (CE), but eventually other services (e.g. gridftp server) may rely on LCMAPS for their local credential mapping. LCMAPS is implemented as a shared library, which is loaded dynamically by the globus gatekeeper. The gatekeeper has been slightly modified for this purpose and will from now on be referred to as edg-gatekeeper.

LCMAPS is a framework that can load and run one or more 'credential mapping' plugins. The use of a plugin-framework architecture for LCMAPS makes it very easy for sites/organizations to add new functionality to LCMAPS by writing new plugins. The LCMAPS framework consists of the following components:

Based on the user global credentials (more specifically the user's X509 certificate) and the job specification (JDL), the LCMAPS plugins have to perform either of these two tasks:
  1. acquire local credentials (A).
  2. enforce (apply) the local credentials (E).
The local credentials that are gathered (UNIX uids, gids, VO information, AFS/Kerberos (?) tokens), are stored internally, but a new WP4 component, the job repository, is foreseen in which these credentials may be stored as well and which is accessible by other applications and services. The following LCMAPS plugins are currently available:

More information on LCMAPS and other components of the Gridification subsystem can be found in:

A few example scripts are added, which can be used to setup poolaccounts, poolgroups in LDAP:

next up previous
Next: Installation Up: Guide to LCMAPS Previous: Guide to LCMAPS
Martijn Steenbakkers, Thursday Mar 04 2004