oracular (8) munged.8.gz

Provided by: munge_0.5.15-4build1_amd64

NAME

       munged - MUNGE daemon

SYNOPSIS

       munged [OPTION]...

DESCRIPTION

       The  munged  daemon  is  responsible  for authenticating local MUNGE clients and servicing
       their credential encode & decode requests.

       All munged daemons within a security realm share a common  key.   All  hosts  within  this
       realm  are  expected  to  have  common  users/UIDs  and  groups/GIDs.   The key is used to
       cryptographically protect the credentials; it is created with the mungekey command.

       When a credential is created, munged embeds metadata within it including the effective UID
       and  GID  of  the  requesting  client  (as  determined by munged) and the current time (as
       determined by the  local  clock).   It  then  compresses  the  data,  computes  a  message
       authentication code, encrypts the data, and base64-encodes the result before returning the
       credential to the client.

       When a credential is validated, munged first checks the  message  authentication  code  to
       ensure  the  credential  has  not been subsequently altered.  Next, it checks the embedded
       UID/GID restrictions to determine whether the requesting client is allowed to  decode  it.
       Then,  it  checks  the  embedded  encode time against the current time; if this difference
       exceeds the embedded time-to-live, the credential has expired.  Finally, it checks whether
       this  credential  has been previously decoded on this host; if so, the credential has been
       replayed.  If all checks pass, the credential metadata and payload  are  returned  to  the
       client.

OPTIONS

       -h, --help
              Display a summary of the command-line options.

       -L, --license
              Display license information.

       -V, --version
              Display version information.

       -f, --force
              Force  the  daemon  to  run  if  at  all  possible.  This overrides warnings for an
              existing local domain socket,  a  lack  of  entropy  for  the  PRNG,  and  insecure
              file/directory  permissions.   Use  with  caution  as overriding these warnings can
              affect security.

       -F, --foreground
              Run the daemon in the foreground.

       -M, --mlockall
              Lock all current and future pages in the virtual memory address space.   Access  to
              locked  pages  will never be delayed by a page fault.  This can improve performance
              and help the daemon remain  responsive  when  the  system  is  under  heavy  memory
              pressure.  This typically requires root privileges or the CAP_IPC_LOCK capability.

       -s, --stop
              Stop  the  daemon  bound  to the socket and wait for it to shut down.  Use with the
              --socket option to target a daemon bound to a non-default  socket  location.   This
              option  exits  with a zero status if the specified daemon was successfully stopped,
              or a non-zero status otherwise.

       -S, --socket path
              Specify the local domain socket for communicating with clients.

       -v, --verbose
              Be verbose.

       --auth-server-dir directory
              Specify an alternate directory in which the daemon will create  the  pipe  used  to
              authenticate  clients.   The  recommended  permissions for this directory are 0711.
              This option is only valid on platforms where client authentication is performed via
              a file-descriptor passing mechanism.

       --auth-client-dir directory
              Specify  an  alternate  directory  in  which  clients  will create the file used to
              authenticate themselves to  the  daemon.   The  recommended  permissions  for  this
              directory  are  1733.   This  option  is  only  valid  on  platforms  where  client
              authentication is performed via a file-descriptor passing mechanism.

       --benchmark
              Disable recurring timers in order to reduce some noise  while  benchmarking.   This
              affects  the  PRNG entropy pool, supplementary group mapping, and credential replay
              hash.  Do not enable this option when running in production.

       --group-check-mtime boolean
              Specify whether the modification  time  of  /etc/group  should  be  checked  before
              updating  the  supplementary  group membership mapping.  If this value is non-zero,
              the check will be enabled and the mapping will not be updated unless the  file  has
              been modified since the last update.

       --group-update-time seconds
              Specify the number of seconds between updates to the supplementary group membership
              mapping; this mapping is used when restricting credentials by GID.  A  value  of  0
              causes  it  to  be  computed  initially  but  never  updated (unless triggered by a
              SIGHUP).  A value of -1 causes it to be disabled.

       --key-file path
              Specify an alternate pathname to the key file.

       --log-file path
              Specify an alternate pathname to the log file.

       --max-ttl integer
              Specify the maximum allowable time-to-live value (in  seconds)  for  a  credential.
              This  setting has an upper-bound imposed by the hard-coded MUNGE_MAXIMUM_TTL value.
              Reducing it will limit the maximum growth of the credential replay cache.  This  is
              viable if clocks within the MUNGE realm can be kept in sync with minimal skew.

       --num-threads integer
              Specify the number of threads to spawn for processing credential requests.

       --origin address
              Specify the origin address that will be encoded into credential metadata.  This can
              be a hostname or IPv4 address;  it  can  also  be  the  name  of  a  local  network
              interface,  in  which  case the first IPv4 address found assigned to that interface
               will be used.  The default value is the IPv4 address of the hostname returned  by
               gethostname().  Failure to look up the address results in an error; if that error
               is overridden, the origin is set to the null address.

       --pid-file path
              Specify an alternate pathname for storing the Process ID of the daemon.

       --seed-file path
              Specify an alternate pathname to the PRNG seed file.

       --syslog
              Redirect log messages to syslog when the daemon is running in the background.

       --trusted-group group
              Specify the group name or GID of the "trusted group".  This is used for  permission
              checks  on  a  directory  hierarchy.   Directories with group write permissions are
              allowed if they are owned by the trusted group (or the sticky bit is set).
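
       The directory-hierarchy rule stated under --trusted-group, written out as an added
       Python illustration (not munged's own code): check_hierarchy applies the rule to a
       list of stat results, and stat_hierarchy collects those results for a real path and
       each of its ancestors.  The world-writable clause is this example's assumption,
       suggested by the 1733 mode recommended for --auth-client-dir; the page only states
       the group-writable rule.  The SAMPLE_DIRS entries are constructed, not taken from
       any real system.

```python
"""Directory permission check in the style of munged's --trusted-group rule.
Added illustration, not munged's own code.  The group-writable rule is the one
the man page states; the world-writable rule is this example's assumption."""
import os
import stat


def check_hierarchy(entries, trusted_gid):
    """entries: iterable of (path, st_mode, st_gid) as os.stat reports them.
    Returns [(path, reason)] for each directory the rule would reject."""
    rejected = []
    for path, mode, gid in entries:
        sticky = bool(mode & stat.S_ISVTX)
        # Page's rule: group-writable is fine if owned by the trusted group or sticky.
        if mode & stat.S_IWGRP and gid != trusted_gid and not sticky:
            rejected.append((path, "group-writable, not trusted-group owned, no sticky bit"))
        # Assumption: world-writable is tolerated only with the sticky bit (cf. 1733).
        if mode & stat.S_IWOTH and not sticky:
            rejected.append((path, "world-writable without sticky bit"))
    return rejected


def stat_hierarchy(path):
    """(path, st_mode, st_gid) for `path` and every ancestor, root first."""
    out = []
    p = os.path.abspath(path)
    while True:
        st = os.stat(p)
        out.append((p, st.st_mode, st.st_gid))
        parent = os.path.dirname(p)
        if parent == p:          # reached the filesystem root
            break
        p = parent
    return out[::-1]


# Constructed stat results; mode bits as os.stat would report them for a directory.
SAMPLE_DIRS = [
    ("/", 0o40755, 0),
    ("/var", 0o40755, 0),
    ("/var/run", 0o40775, 100),        # group-writable, owned by trusted gid 100: allowed
    ("/var/run/munge", 0o40775, 200),  # group-writable, some other group, no sticky: rejected
    ("/tmp", 0o41777, 0),              # world-writable with sticky bit: allowed
    ("/tmp/munge", 0o40777, 100),      # world-writable without sticky bit: rejected
]

if __name__ == "__main__":
    for path, why in check_hierarchy(SAMPLE_DIRS, trusted_gid=100):
        print(f"constructed {path}: {why}")
    for path, why in check_hierarchy(stat_hierarchy(os.getcwd()), trusted_gid=os.getgid()):
        print(f"{path}: {why}")
```

       Run against a real hierarchy with the daemon's trusted group to see which ancestor
       of the socket, key or auth directory would trip the warning that --force overrides.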

SIGNALS

       SIGHUP Immediately update the supplementary group membership mapping  instead  of  waiting
              for the next scheduled update; this mapping is used when restricting credentials by
              GID.

       SIGTERM
              Terminate the daemon.

NOTES

       All clocks within a security realm must be kept in sync within the credential time-to-live
       setting.

       While munged prevents a given credential from being decoded on a particular host more than
       once, nothing prevents a credential from  being  decoded  on  multiple  hosts  within  the
       security realm before it expires.
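
       The encode and decode sequence from DESCRIPTION, together with the two caveats above
       (clock skew beyond the TTL, and a replay cache that is local to each host), as an
       added Python model that is not MUNGE's own code.  Assumptions: HMAC-SHA256 over a
       zlib-compressed JSON record stands in for the real credential format, the encryption
       step is omitted, the realm key and timestamps are constructed, and the status strings
       are the model's own rather than libmunge's error codes.  The four validation checks
       run in the order the page gives them, and the replay cache drops entries once the
       credential would have expired anyway, which is why a lower --max-ttl bounds its size.

```python
"""Model of the munged credential lifecycle (added illustration, not MUNGE code):
metadata+payload -> compress -> MAC -> base64, then MAC, UID/GID, TTL and replay
checks in the documented order.  Encryption is omitted; key and times are constructed."""
import base64
import hashlib
import hmac
import json
import os
import zlib

REALM_KEY = b"constructed-realm-key-for-illustration-only"  # real key: mungekey(8)
MAX_TTL = 3600      # stand-in for the --max-ttl bound
_MAC_LEN = 32       # SHA-256 digest size


def encode(uid, gid, payload, now, ttl=300, uid_restrict=None, gid_restrict=None,
           key=REALM_KEY):
    """Build a credential; the real daemon also encrypts before base64-encoding."""
    record = {
        "uid": uid, "gid": gid, "time": int(now), "ttl": min(ttl, MAX_TTL),
        "uid_restrict": uid_restrict, "gid_restrict": gid_restrict,
        "salt": os.urandom(8).hex(),   # keeps otherwise identical credentials distinct
        "payload": payload,
    }
    body = zlib.compress(json.dumps(record).encode())
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return "MUNGE:" + base64.b64encode(mac + body).decode() + ":"


def tamper(cred):
    """Flip one bit of the encoded body, as an in-transit modification would."""
    raw = bytearray(base64.b64decode(cred[6:-1]))
    raw[-1] ^= 0x01
    return "MUNGE:" + base64.b64encode(bytes(raw)).decode() + ":"


class Host:
    """One munged daemon: the shared realm key plus a replay cache local to this host."""

    def __init__(self, name, key=REALM_KEY):
        self.name, self.key = name, key
        self._seen = {}   # mac -> time after which the entry may be dropped

    def decode(self, cred, client_uid, client_gid, client_groups, now):
        """Return (status, record); checks run in the order the man page gives."""
        if not (cred.startswith("MUNGE:") and cred.endswith(":")):
            return "BAD_CRED", None
        try:
            raw = base64.b64decode(cred[6:-1], validate=True)
        except ValueError:
            return "BAD_CRED", None
        mac, body = raw[:_MAC_LEN], raw[_MAC_LEN:]
        # 1. MAC first: nothing in the record is trusted until it is known to be unaltered.
        if not hmac.compare_digest(mac, hmac.new(self.key, body, hashlib.sha256).digest()):
            return "BAD_MAC", None
        record = json.loads(zlib.decompress(body))
        # 2. Restrictions apply to the decoding client; a GID restriction also matches
        #    supplementary groups, which is what the --group-update-time mapping provides.
        if record["uid_restrict"] is not None and client_uid != record["uid_restrict"]:
            return "UNAUTHORIZED", None
        if record["gid_restrict"] is not None and \
                record["gid_restrict"] not in set(client_groups) | {client_gid}:
            return "UNAUTHORIZED", None
        # 3. TTL against the local clock: skew larger than the TTL looks like expiry.
        if abs(int(now) - record["time"]) > record["ttl"]:
            return "EXPIRED", None
        # 4. Replay: remember the MAC only until the credential would expire anyway, so the
        #    cache is bounded by request rate x max TTL.
        self._seen = {m: t for m, t in self._seen.items() if t >= now}
        if mac in self._seen:
            return "REPLAYED", None
        self._seen[mac] = record["time"] + record["ttl"]
        return "OK", record


def demo():
    """One credential across two hosts, a wrong user, a skewed clock, and tampering."""
    t0 = 1_700_000_000   # constructed epoch time
    cred = encode(uid=1000, gid=1000, payload="job-1234", now=t0, ttl=300, uid_restrict=1000)
    node1, node2 = Host("node1"), Host("node2")
    return [
        node1.decode(cred, 1000, 1000, [1000], t0 + 5)[0],              # OK
        node1.decode(cred, 1000, 1000, [1000], t0 + 6)[0],              # REPLAYED: same host
        node2.decode(cred, 1000, 1000, [1000], t0 + 6)[0],              # OK: cache is per host
        node2.decode(cred, 2000, 2000, [2000], t0 + 7)[0],              # UNAUTHORIZED, before replay
        Host("node3").decode(cred, 1000, 1000, [1000], t0 - 400)[0],    # EXPIRED: clock 400 s off
        Host("node4").decode(tamper(cred), 1000, 1000, [1000], t0)[0],  # BAD_MAC
    ]


if __name__ == "__main__":
    print(demo())
```

       The third and fourth results are the NOTES in action: node2 accepts the credential
       node1 already consumed, and a host whose clock lags by more than the TTL rejects a
       credential that is otherwise valid.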

AUTHOR

       Chris Dunlap <cdunlap@llnl.gov>

       Copyright (C) 2007-2022 Lawrence Livermore National Security, LLC.
       Copyright (C) 2002-2007 The Regents of the University of California.

       MUNGE  is  free  software: you can redistribute it and/or modify it under the terms of the
       GNU General Public License as published by the Free Software Foundation, either version  3
       of the License, or (at your option) any later version.

       Additionally  for  the  MUNGE library (libmunge), you can redistribute it and/or modify it
       under the terms of the GNU Lesser General Public License as published by the Free Software
       Foundation, either version 3 of the License, or (at your option) any later version.

SEE ALSO

       munge(1),   remunge(1),   unmunge(1),  munge(3),  munge_ctx(3),  munge_enum(3),  munge(7),
       mungekey(8).

       https://dun.github.io/munge/