oracular (7) munge.7.gz

Provided by: munge_0.5.15-4build1_amd64 bug

NAME

       munge - MUNGE overview

INTRODUCTION

       MUNGE  (MUNGE  Uid  'N'  Gid  Emporium)  is  an  authentication  service  for creating and
       validating user credentials.  It is designed to be highly  scalable  for  use  in  an  HPC
       cluster  environment.   It provides a portable API for encoding the user's identity into a
       tamper-proof credential that can be obtained by  an  untrusted  client  and  forwarded  by
       untrusted  intermediaries  within  a security realm.  Clients within this realm can create
       and validate credentials without the use of root privileges, reserved ports, or  platform-
       specific methods.

RATIONALE

       The  need  for  MUNGE  arose out of the HPC cluster environment.  Consider the scenario in
       which a local daemon running on a login node receives a client request and forwards it  on
       to remote daemons running on compute nodes within the cluster.  Since the user has already
       logged on to the login node, the local daemon just needs a reliable means of  ascertaining
       the  UID  and GID of the client process.  Furthermore, the remote daemons need a mechanism
       to ensure the forwarded authentication data has not been subsequently altered.

       A common solution to this problem is to use Unix domain sockets to determine the  identity
       of  the local client, and then forward this information on to remote hosts via trusted rsh
       connections.  But this presents several new problems.  First, there is no portable API for
       determining  the  identity of a client over a Unix domain socket.  Second, rsh connections
       must originate from a reserved port; the limited number of reserved ports available  on  a
       given  host  directly limits scalability.  Third, root privileges are required in order to
       bind to a reserved port.  Finally, the remote daemons have no means of determining whether
       the client identity is authentic.  MUNGE solves all of these problems.

USAGE

       A  process creates a credential by requesting one from the local MUNGE service, either via
       the munge_encode() C library  call  or  the  munge  executable.   The  encoded  credential
       contains the UID and GID of the originating process.  This process sends the credential to
       another process within the security realm  as  a  means  of  proving  its  identity.   The
       receiving process validates the credential with the use of its local MUNGE service, either
       via the munge_decode() C library call or the unmunge executable.  The  decoded  credential
       provides  the  receiving  process with a reliable means of ascertaining the UID and GID of
       the originating process.  This information can be used for accounting  or  access  control
       decisions.

DETAILS

       The  contents of the credential (including any optional payload data) are encrypted with a
       key shared by all munged  daemons  within  the  security  realm.   The  integrity  of  the
       credential is ensured by a message authentication code (MAC).  The credential is valid for
       a limited time defined by its time-to-live (TTL); this presumes clocks within  a  security
       realm  are in sync.  Unexpired credentials are tracked by the local munged daemon in order
       to prevent replay attacks on a given host.  Decoding of a credential can be restricted  to
       a  particular  user  and/or  group  ID.  The payload data can be used for purposes such as
       embedding the destination's address to ensure the credential is only valid on  a  specific
       host.   The internal format of the credential is encoded in a platform-independent manner.
       And the credential itself is base64 encoded to allow it to be transmitted  over  virtually
       any transport.

AUTHOR

       Chris Dunlap <cdunlap@llnl.gov>

       Copyright (C) 2007-2022 Lawrence Livermore National Security, LLC.
       Copyright (C) 2002-2007 The Regents of the University of California.

       MUNGE  is  free  software: you can redistribute it and/or modify it under the terms of the
       GNU General Public License as published by the Free Software Foundation, either version  3
       of the License, or (at your option) any later version.

       Additionally  for  the  MUNGE library (libmunge), you can redistribute it and/or modify it
       under the terms of the GNU Lesser General Public License as published by the Free Software
       Foundation, either version 3 of the License, or (at your option) any later version.

SEE ALSO

       munge(1),   remunge(1),  unmunge(1),  munge(3),  munge_ctx(3),  munge_enum(3),  munged(8),
       mungekey(8).

       https://dun.github.io/munge/