LCMAPS is a Local Credential MAPping Service, which allows credential acquisition (like Unix user ids) to Grid jobs that run on the local fabric. LCMAPS offers detailed support for plug-in modules.

There are two different module types: "acquisition" and "enforcement". The acquisition modules collect information on the credentials to be used for a particular request, but do not enforce these credentials. Such a separation is required, because the enforcement of, in particular, uids and gids (i.e. doing setuid or setgid) may impede the capability of other modules to do their task that may need enhanced privileges. Since the acquisition and enforcement of local credentials is a complex process, a new policy description language was designed to ease the configuration of this service for site administrators.

The following plug-in modules are provided with the system:

In a similar way to the case of LCAS, other plug-ins may be written to provide functionality specifically required by a site. The design of LCMAPS will ensure interoperability with any version of LCMAPS used.

The Job Repository

LCMAPS Job Repository (JR) will maintain a record of the credential information associated with all jobs running inside the fabric. By incorporating data persistence in the architecture (using a database as an archiving back-end) the JR can also be used to obtain information on actual credential mappings in the past, that were in effect for a particular job. The information is provided to the JR via the LCMAPS plug-in mechanism, and by modification to the job management system.