The lcmaps_verify_proxy plugin verifies the validity of a proxy chain and (optionally) a valid delegation, including restrictions on the life time of any proxies in the chain.

Arguments

• -certdir <dir> or -cadir <dir> : trust anchor repository directory to use for verification
• --only-enforce-lifetime-checks : This new option will skip the proxy certificate chain verification stage and will only enforce the lifetime check on the chain and the VOMS credentials.
• --[never_]discard_private_key_absense : allow the incoming proxy to (not) lack a private key. Normally, a private key in the proxy is required and is verified against the leaf proxy, to ensure that a true delegation was made to the invoking process.
• --max-proxy-level-ttl=<level>  : allow the proxy at level <level> to be at most time long. The level "L" is used to indicate the final 'leaf' level proxy. The smallest life time will take precedence.
• --max-voms-ttl : maximum time of all active VOMS ACs to be valid.

Example configurations

verify_proxy = "lcmaps_verify_proxy.mod"
" -certdir /etc/grid-security/certificates"
" --max-voms-ttl 48:00"
" --max-proxy-level-ttl=L 1d-00:05"
" --max-proxy-level-ttl=0 7d-00:05"

Other options and arguments to verify_proxy:

#" --[never_]discard_private_key_absence"
#" --max-proxy-level-ttl=<level> <time-length; example: 2d-13:37>"
#"   Sets a maximum lifetime for proxy certificate level <level> where <level> can be 0-9 or 'l' or 'L' to indicate a Leaf proxy (last proxy in the chain)"