Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
MUNGE(7)		  MUNGE	Uid 'N'	Gid Emporium		      MUNGE(7)

       munge - MUNGE overview

       MUNGE  (MUNGE  Uid  'N'	Gid Emporium) is an authentication service for
       creating	and validating credentials.  It	is designed to be highly scal-
       able for	use in an HPC cluster environment.  It allows a	process	to au-
       thenticate the UID and GID of another local or remote process within  a
       group  of hosts having common users and groups.	These hosts form a se-
       curity realm that is defined by a shared	 cryptographic	key.   Clients
       within  this security realm can create and validate credentials without
       the use of root privileges, reserved ports, or platform-specific	 meth-

       The  need for MUNGE arose out of	the HPC	cluster	environment.  Consider
       the scenario in which a local daemon running on a login node receives a
       client  request and forwards it on to remote daemons running on compute
       nodes within the	cluster.  Since	the user has already logged on to  the
       login  node, the	local daemon just needs	a reliable means of ascertain-
       ing the UID and GID of the client  process.   Furthermore,  the	remote
       daemons	need  a	 mechanism to ensure the forwarded authentication data
       has not been subsequently altered.

       A common	solution to this problem is to use Unix	domain sockets to  de-
       termine	the identity of	the local client, and then forward this	infor-
       mation on to remote  hosts  via	trusted	 rsh  connections.   But  this
       presents	several	new problems.  First, there is no portable API for de-
       termining the identity of a client over a Unix domain socket.   Second,
       rsh connections must originate from a reserved port; the	limited	number
       of reserved ports available on a	given host directly  limits  scalabil-
       ity.   Third,  root  privileges	are required in	order to bind to a re-
       served port.  Finally, the remote daemons have no means of  determining
       whether the client identity is authentic.

       A  process  creates a credential	by requesting one from the local MUNGE
       service,	either via the munge_encode() C	library	call or	the munge exe-
       cutable.	 The encoded credential	contains the UID and GID of the	origi-
       nating process.	This process sends the credential to  another  process
       within  the security realm as a means of	proving	its identity.  The re-
       ceiving process validates the credential	with  the  use	of  its	 local
       MUNGE  service, either via the munge_decode() C library call or the un-
       munge  executable.   The	 decoded  credential  provides	the  receiving
       process	with  a	 reliable means	of ascertaining	the UID	and GID	of the
       originating process.  This information can be used  for	accounting  or
       access control decisions.

       The  contents  of  the credential (including any	optional payload data)
       are encrypted with a key	shared by all munged daemons within the	 secu-
       rity  realm.   The  integrity of	the credential is ensured by a message
       authentication code (MAC).  The credential is valid for a limited  time
       defined	by its time-to-live (TTL); this	presumes clocks	within a secu-
       rity realm are in sync.	Unexpired credentials are tracked by the local
       munged  daemon in order to prevent replay attacks on a given host.  De-
       coding of a credential can be restricted	to a  particular  user	and/or
       group  ID.  The payload data can	be used	for purposes such as embedding
       the destination's address to ensure the credential is only valid	 on  a
       specific	 host.	 The internal format of	the credential is encoded in a
       platform-independent manner.  And the credential	itself is  base64  en-
       coded to	allow it to be transmitted over	virtually any transport.

       Chris Dunlap <>

       Copyright (C) 2007-2016 Lawrence	Livermore National Security, LLC.
       Copyright (C) 2002-2007 The Regents of the University of	California.

       MUNGE  is free software:	you can	redistribute it	and/or modify it under
       the terms of the	GNU General Public License as published	 by  the  Free
       Software	 Foundation,  either version 3 of the License, or (at your op-
       tion) any later version.

       Additionally for	the MUNGE library (libmunge), you can redistribute  it
       and/or  modify  it under	the terms of the GNU Lesser General Public Li-
       cense as	published by the Free Software Foundation, either version 3 of
       the License, or (at your	option)	any later version.

       munge(1),     remunge(1),     unmunge(1),    munge(3),	 munge_ctx(3),
       munge_enum(3), munged(8).

munge-0.5.12			  2016-02-25			      MUNGE(7)


Want to link to this manual page? Use this URL:

home | help