MUNGE(7)                  MUNGE Uid 'N' Gid Emporium                  MUNGE(7)

NAME
       munge - MUNGE overview

INTRODUCTION
       MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for
       creating and validating user credentials.  It is designed to be
       highly scalable for use in an HPC cluster environment.  It provides a
       portable API for encoding the user's identity into a tamper-proof
       credential that can be obtained by an untrusted client and forwarded
       by untrusted intermediaries within a security realm.  Clients within
       this realm can create and validate credentials without the use of
       root privileges, reserved ports, or platform-specific methods.

RATIONALE
       The need for MUNGE arose out of the HPC cluster environment.  Consider
       the scenario in which a local daemon running on a login node receives
       a client request and forwards it on to remote daemons running on
       compute nodes within the cluster.  Since the user has already logged
       on to the login node, the local daemon just needs a reliable means of
       ascertaining the UID and GID of the client process.  Furthermore, the
       remote daemons need a mechanism to ensure the forwarded authentication
       data has not been subsequently altered.

       A common solution to this problem is to use Unix domain sockets to
       determine the identity of the local client, and then forward this
       information on to remote hosts via trusted rsh connections.  But this
       presents several new problems.  First, there is no portable API for
       determining the identity of a client over a Unix domain socket.
       Second, rsh connections must originate from a reserved port; the
       limited number of reserved ports available on a given host directly
       limits scalability.  Third, root privileges are required in order to
       bind to a reserved port.  Finally, the remote daemons have no means of
       determining whether the client identity is authentic.  MUNGE solves
       all of these problems.

USAGE
       A process creates a credential by requesting one from the local MUNGE
       service, either via the munge_encode() C library call or the munge
       executable.  The encoded credential contains the UID and GID of the
       originating process.  This process sends the credential to another
       process within the security realm as a means of proving its identity.
       The receiving process validates the credential with the use of its
       local MUNGE service, either via the munge_decode() C library call or
       the unmunge executable.  The decoded credential provides the receiving
       process with a reliable means of ascertaining the UID and GID of the
       originating process.  This information can be used for accounting or
       access control decisions.

DETAILS
       The contents of the credential (including any optional payload data)
       are encrypted with a key shared by all munged daemons within the
       security realm.  The integrity of the credential is ensured by a
       message authentication code (MAC).  The credential is valid for a
       limited time defined by its time-to-live (TTL); this presumes clocks
       within a security realm are in sync.  Unexpired credentials are
       tracked by the local munged daemon in order to prevent replay attacks
       on a given host.  Decoding of a credential can be restricted to a
       particular user and/or group ID.  The payload data can be used for
       purposes such as embedding the destination's address to ensure the
       credential is only valid on a specific host.  The internal format of
       the credential is encoded in a platform-independent manner.  And the
       credential itself is base64 encoded to allow it to be transmitted over
       virtually any transport.

AUTHOR
       Chris Dunlap <cdunlap@llnl.gov>

COPYRIGHT
       Copyright (C) 2007-2024 Lawrence Livermore National Security, LLC.
       Copyright (C) 2002-2007 The Regents of the University of California.

       MUNGE is free software: you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published by the
       Free Software Foundation, either version 3 of the License, or (at
       your option) any later version.

       Additionally for the MUNGE library (libmunge), you can redistribute
       it and/or modify it under the terms of the GNU Lesser General Public
       License as published by the Free Software Foundation, either version
       3 of the License, or (at your option) any later version.

SEE ALSO
       munge(1), remunge(1), unmunge(1), munge(3), munge_ctx(3),
       munge_enum(3), munged(8), mungekey(8).

       https://github.com/dun/munge

munge-0.5.16                      2024-03-15                          MUNGE(7)
