munge man page on Fedora

MUNGE(7)                    MUNGE Uid 'N' Gid Emporium                    MUNGE(7)

NAME
       munge - MUNGE overview

INTRODUCTION
       MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for
       creating and validating credentials.  It is designed to be highly
       scalable for use in an HPC cluster environment.  It allows a process to
       authenticate the UID and GID of another local or remote process within
       a group of hosts having common users and groups.  These hosts form a
       security realm that is defined by a shared cryptographic key.  Clients
       within this security realm can create and validate credentials without
       the use of root privileges, reserved ports, or platform-specific
       methods.

RATIONALE
       The need for MUNGE arose out of the HPC cluster environment.  Consider
       the scenario in which a local daemon running on a login node receives a
       client request and forwards it on to remote daemons running on compute
       nodes within the cluster.  Since the user has already logged on to the
       login node, the local daemon just needs a reliable means of
       ascertaining the UID and GID of the client process.  Furthermore, the
       remote daemons need a mechanism to ensure the forwarded authentication
       data has not been subsequently altered.

       A common solution to this problem is to use Unix domain sockets to
       determine the identity of the local client, and then forward this
       information on to remote hosts via trusted rsh connections.  But this
       presents several new problems.  First, there is no portable API for
       determining the identity of a client over a Unix domain socket.
       Second, rsh connections must originate from a reserved port; the
       limited number of reserved ports available on a given host directly
       limits scalability.  Third, root privileges are required in order to
       bind to a reserved port.  Finally, the remote daemons have no means of
       determining whether the client identity is authentic.

USAGE
       A process creates a credential by requesting one from the local MUNGE
       service, either via the munge_encode() C library call or the munge
       executable.  The encoded credential contains the UID and GID of the
       originating process.  This process sends the credential to another
       process within the security realm as a means of proving its identity.
       The receiving process validates the credential with the use of its
       local MUNGE service, either via the munge_decode() C library call or
       the unmunge executable.  The decoded credential provides the receiving
       process with a reliable means of ascertaining the UID and GID of the
       originating process.  This information can be used for accounting or
       access control decisions.

DETAILS
       The contents of the credential (including any optional payload data)
       are encrypted with a key shared by all munged daemons within the
       security realm.  The integrity of the credential is ensured by a
       message authentication code (MAC).  The credential is valid for a
       limited time defined by its time-to-live (TTL); this presumes clocks
       within a security realm are in sync.  Unexpired credentials are
       tracked by the local munged daemon in order to prevent replay attacks
       on a given host.  Decoding of a credential can be restricted to a
       particular user and/or group ID.  The payload data can be used for
       purposes such as embedding the destination's address to ensure the
       credential is only valid on a specific host.  The internal format of
       the credential is encoded in a platform-independent manner.  And the
       credential itself is base64 encoded to allow it to be transmitted over
       virtually any transport.
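       The credential lifecycle described under USAGE and DETAILS, as an added
       example that is not MUNGE's own code, wire format or libmunge API: a
       simplified Python model in which HMAC-SHA256 under a constructed realm
       key stands in for MUNGE's MAC, the contents are left unencrypted, and
       encode(), Decoder, decode_for_host() and the status strings are all
       illustrative names.  It walks through the decode-side checks the text
       lists (integrity, TTL, UID/GID restriction, per-host replay cache) and
       an application-level check of a destination host carried in the payload.

```python
import base64, hashlib, hmac, json, time

# Constructed stand-in for the key shared by every munged daemon in the realm.
REALM_KEY = b"constructed-realm-key-for-illustration-only"
MAC_LEN = 32  # HMAC-SHA256 digest length

def encode(uid, gid, payload=b"", ttl=300, restrict_uid=None, restrict_gid=None, now=None):
    """Encode side (model): bind UID/GID, TTL and payload under a MAC, then base64 the result."""
    body = json.dumps({"uid": uid, "gid": gid, "t": int(time.time() if now is None else now),
                       "ttl": ttl, "ruid": restrict_uid, "rgid": restrict_gid,
                       "payload": base64.b64encode(payload).decode()}).encode()
    mac = hmac.new(REALM_KEY, body, hashlib.sha256).digest()
    return base64.b64encode(body + mac).decode()

class Decoder:
    """Decode side (model) for one host: MAC, TTL, UID/GID restriction, replay cache."""
    def __init__(self):
        self.seen = {}  # replay cache: mac -> expiry time of an unexpired credential

    def decode(self, cred, my_uid, my_gid, now=None):
        """Return (status, uid, gid, payload); status is 'ok' or the reason for rejection."""
        now = int(time.time() if now is None else now)
        raw = base64.b64decode(cred)
        body, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
        # Integrity first: an altered credential, or one from another realm, stops here.
        if not hmac.compare_digest(mac, hmac.new(REALM_KEY, body, hashlib.sha256).digest()):
            return ("bad_mac", None, None, None)
        c = json.loads(body)
        if now > c["t"] + c["ttl"]:
            return ("expired", None, None, None)
        # Optional restriction: only the named UID and/or GID may decode this credential.
        if (c["ruid"] is not None and c["ruid"] != my_uid) or (
                c["rgid"] is not None and c["rgid"] != my_gid):
            return ("unauthorized", None, None, None)
        # Replay: prune expired entries, then refuse a credential already decoded on this host.
        self.seen = {m: exp for m, exp in self.seen.items() if exp >= now}
        if mac in self.seen:
            return ("replayed", None, None, None)
        self.seen[mac] = c["t"] + c["ttl"]
        return ("ok", c["uid"], c["gid"], base64.b64decode(c["payload"]))

def decode_for_host(decoder, cred, my_uid, my_gid, my_host, now=None):
    """Application-level check: the payload names the destination host this credential is for."""
    status, uid, gid, payload = decoder.decode(cred, my_uid, my_gid, now)
    if status == "ok" and payload != my_host.encode():
        return ("wrong_host", None, None, None)
    return (status, uid, gid, payload)
```

       Note that a credential rejected for the wrong host has already been
       consumed by the replay cache, matching the page's point that the
       local daemon tracks every unexpired credential it decodes.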

AUTHOR
       Chris Dunlap <cdunlap@llnl.gov>

COPYRIGHT
       Copyright (C) 2007-2011 Lawrence Livermore National Security, LLC.
       Copyright (C) 2002-2007 The Regents of the University of California.

       MUNGE is free software: you can redistribute it and/or modify it under
       the terms of the GNU General Public License as published by the Free
       Software Foundation, either version 3 of the License, or (at your
       option) any later version.

       Additionally for the MUNGE library (libmunge), you can redistribute it
       and/or modify it under the terms of the GNU Lesser General Public
       License as published by the Free Software Foundation, either version 3
       of the License, or (at your option) any later version.

SEE ALSO
       munge(1), remunge(1), unmunge(1), munge(3), munge_ctx(3),
       munge_enum(3), munged(8).

       http://munge.googlecode.com/

munge-0.5.10                        2011-02-25                            MUNGE(7)