Provided by: munge_0.5.13-2_amd64 bug

NAME

       munged - MUNGE daemon

SYNOPSIS

       munged [OPTION]...

DESCRIPTION

       The  munged  daemon  is  responsible  for authenticating local MUNGE clients and servicing
       their credential encode & decode requests.  All munged daemons  within  a  security  realm
       share a secret key.  This key is used to protect the contents of a credential.

       When a credential is created, munged embeds metadata within it including the effective UID
       and GID of the requesting client (as determined  by  munged)  and  the  current  time  (as
       determined  by  the  local  clock).   It  then  compresses  the  data,  computes a message
       authentication code, encrypts the data, and base64-encodes the result before returning the
       credential to the client.

       When  a  credential  is  validated, munged first checks the message authentication code to
       ensure the credential has not been subsequently altered.  Next,  it  checks  the  embedded
       UID/GID  restrictions  to determine whether the requesting client is allowed to decode it.
       Then, it checks the embedded encode time against the  current  time;  if  this  difference
       exceeds the embedded time-to-live, the credential has expired.  Finally, it checks whether
       this credential has been previously decoded on this host; if so, the credential  has  been
       replayed.   If  all  checks  pass, the credential metadata and payload are returned to the
       client.

OPTIONS

       -h, --help
              Display a summary of the command-line options.

       -L, --license
              Display license information.

       -V, --version
              Display version information.

       -f, --force
              Force the daemon to run if  at  all  possible.   This  overrides  warnings  for  an
              existing  local  domain  socket,  a  lack  of  entropy  for  the PRNG, and insecure
              file/directory permissions.  Use with caution  as  overriding  these  warnings  can
              affect security.

       -F, --foreground
              Run the daemon in the foreground.

       -M, --mlockall
              Lock  all  current and future pages in the virtual memory address space.  Access to
              locked pages will never be delayed by a page fault.  This can  improve  performance
              and  help  the  daemon  remain  responsive  when  the  system is under heavy memory
              pressure.  This typically requires root privileges or the CAP_IPC_LOCK capability.

       -S, --socket path
              Specify the local domain socket for communicating with clients.

       --auth-server-dir directory
              Specify an alternate directory in which the daemon will create  the  pipe  used  to
              authenticate  clients.   The  recommended  permissions for this directory are 0711.
              This option is only valid on platforms where client authentication is performed via
              a file-descriptor passing mechanism.

       --auth-client-dir directory
              Specify  an  alternate  directory  in  which  clients  will create the file used to
              authenticate themselves to  the  daemon.   The  recommended  permissions  for  this
              directory  are  1733.   This  option  is  only  valid  on  platforms  where  client
              authentication is performed via a file-descriptor passing mechanism.

       --benchmark
              Disable recurring timers in order to reduce some noise  while  benchmarking.   This
              affects  the  PRNG entropy pool, supplementary group mapping, and credential replay
              hash.  Do not enable this option when running in production.

       --group-check-mtime boolean
              Specify whether the modification  time  of  /etc/group  should  be  checked  before
              updating  the  supplementary  group membership mapping.  If this value is non-zero,
              the check will be enabled and the mapping will not be updated unless the  file  has
              been modified since the last update.

       --group-update-time integer
              Specify the number of seconds between updates to the supplementary group membership
              mapping; this mapping is used when restricting credentials by GID.  A  value  of  0
              causes  it  to  be  computed  initially  but  never  updated (unless triggered by a
              SIGHUP).  A value of -1 causes it to be disabled.

       --key-file path
              Specify an alternate pathname to the key file.

       --log-file path
              Specify an alternate pathname to the log file.

       --max-ttl integer
              Specify the maximum allowable time-to-live value (in  seconds)  for  a  credential.
              This  setting has an upper-bound imposed by the hard-coded MUNGE_MAXIMUM_TTL value.
              Reducing it will limit the maximum growth of the credential replay cache.  This  is
              viable if clocks within the MUNGE realm can be kept in sync with minimal skew.

       --num-threads integer
              Specify the number of threads to spawn for processing credential requests.

       --pid-file path
              Specify an alternate pathname for storing the Process ID of the daemon.

       --seed-file path
              Specify an alternate pathname to the PRNG seed file.

       --syslog
              Redirect log messages to syslog when the daemon is running in the background.

       --trusted-group group
              Specify  the group name or GID of the "trusted group".  This is used for permission
              checks on a directory hierarchy.  Directories  with  group  write  permissions  are
              allowed if they are owned by the trusted group (or the sticky bit is set).

SIGNALS

       SIGHUP Immediately  update  the  supplementary group membership mapping instead of waiting
              for the next scheduled update; this mapping is used when restricting credentials by
              GID.

       SIGTERM
              Terminate the daemon.

NOTES

       All clocks within a security realm must be kept in sync within the credential time-to-live
       setting.

       While munged prevents a given credential from being decoded on a particular host more than
       once,  nothing  prevents  a  credential  from  being  decoded on multiple hosts within the
       security realm before it expires.

AUTHOR

       Chris Dunlap <cdunlap@llnl.gov>

COPYRIGHT

       Copyright (C) 2007-2017 Lawrence Livermore National Security, LLC.
       Copyright (C) 2002-2007 The Regents of the University of California.

       MUNGE is free software: you can redistribute it and/or modify it under the  terms  of  the
       GNU  General Public License as published by the Free Software Foundation, either version 3
       of the License, or (at your option) any later version.

       Additionally for the MUNGE library (libmunge), you can redistribute it  and/or  modify  it
       under the terms of the GNU Lesser General Public License as published by the Free Software
       Foundation, either version 3 of the License, or (at your option) any later version.

SEE ALSO

       munge(1), remunge(1), unmunge(1), munge(3), munge_ctx(3), munge_enum(3), munge(7).

       https://dun.github.io/munge/