lcas_voms.mod -vomsdir <vomsdir> -certdir <certdir> -authfile <authorization file> [-authformat <format of the authorization file>]
This plugin forms the link between the VOMS data found in the user grid credential (X509 certificate) and the lcas system. It will retrieve the VOMS data by using the VOMS API. The VOMS data will be checked against either a (simple) gridmap style file, a GACL-file or an XACML-file in order for the user job to be authorized on the site.
See -vomsdir
This is the directory which contains the certificates of the VOMS servers
See -certdir
This is the directory which contains the CA certificates
In this file the authorization/access control based on VOMS information is specified. The format of this file is 'simple' (gridmap style), 'gacl' or 'xacml', which can be specified explicitly with the option -authformat or will be derived form the suffix of the authorization file (
.gacl and
.xacml for 'gacl' and 'xacml' formats, otherwise 'simple').
Format of the autorization file, values: gacl/GACL
, xacml/XACML
or simple
.
GACL specific. This option specifies if the voms DN, found in the user certificate, should be included in the user gacl credential. Default is 'yes'. The following arguments are recognized:
yes
: For each VO-GROUP-ROLE combination found in the user certificate two gacl credentials are created: one with and one without the voms DN. In this way the user is also authorized if in the gacl in the authorization file the voms DN is not included (better if it is, though).
always
: For each VO-GROUP-ROLE combination found in the user certificate only a gacl credential is created with the voms DN.
no
: For each VO-GROUP-ROLE combination found in the usercertificate a gacl credential is created without the voms DN.
If this option is set also user proxies without voms information will be processed. If the user dn of the proxy is present in the gacl or gridmapfile, the user is authorized by this plugin.
- LCAS_MOD_SUCCESS : Success
- LCAS_MOD_FAIL : Failure
See bugzilla for known errors (http://marianne.in2p3.fr/datagrid/bugzilla/)
lcas_userallow.mod, lcas_userban.mod, lcas_timeslots.mod,
Generated on Fri May 27 18:10:49 2005 for lcas by
1.3.5