Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
MUNGE(7)		  MUNGE	Uid 'N'	Gid Emporium		      MUNGE(7)

       munge - MUNGE overview

       MUNGE  (MUNGE  Uid  'N'	Gid Emporium) is an authentication service for
       creating	and validating user credentials.  It is	designed to be	highly
       scalable	for use	in an HPC cluster environment.	It provides a portable
       API for encoding	the user's identity  into  a  tamper-proof  credential
       that  can be obtained by	an untrusted client and	forwarded by untrusted
       intermediaries within a security	realm.	Clients	within this realm  can
       create and validate credentials without the use of root privileges, re-
       served ports, or	platform-specific methods.

       The need	for MUNGE arose	out of the HPC cluster environment.   Consider
       the scenario in which a local daemon running on a login node receives a
       client request and forwards it on to remote daemons running on  compute
       nodes  within the cluster.  Since the user has already logged on	to the
       login node, the local daemon just needs a reliable means	of  ascertain-
       ing  the	 UID  and  GID of the client process.  Furthermore, the	remote
       daemons need a mechanism	to ensure the  forwarded  authentication  data
       has not been subsequently altered.

       A  common solution to this problem is to	use Unix domain	sockets	to de-
       termine the identity of the local client, and then forward this	infor-
       mation  on  to  remote  hosts  via  trusted  rsh	connections.  But this
       presents	several	new problems.  First, there is no portable API for de-
       termining  the identity of a client over	a Unix domain socket.  Second,
       rsh connections must originate from a reserved port; the	limited	number
       of  reserved  ports available on	a given	host directly limits scalabil-
       ity.  Third, root privileges are	required in order to  bind  to	a  re-
       served  port.  Finally, the remote daemons have no means	of determining
       whether the client identity is authentic.  MUNGE	solves	all  of	 these

       A  process  creates a credential	by requesting one from the local MUNGE
       service,	either via the munge_encode() C	library	call or	the munge exe-
       cutable.	 The encoded credential	contains the UID and GID of the	origi-
       nating process.	This process sends the credential to  another  process
       within  the security realm as a means of	proving	its identity.  The re-
       ceiving process validates the credential	with  the  use	of  its	 local
       MUNGE  service, either via the munge_decode() C library call or the un-
       munge  executable.   The	 decoded  credential  provides	the  receiving
       process	with  a	 reliable means	of ascertaining	the UID	and GID	of the
       originating process.  This information can be used  for	accounting  or
       access control decisions.

       The  contents  of  the credential (including any	optional payload data)
       are encrypted with a key	shared by all munged daemons within the	 secu-
       rity  realm.   The  integrity of	the credential is ensured by a message
       authentication code (MAC).  The credential is valid for a limited  time
       defined	by its time-to-live (TTL); this	presumes clocks	within a secu-
       rity realm are in sync.	Unexpired credentials are tracked by the local
       munged  daemon in order to prevent replay attacks on a given host.  De-
       coding of a credential can be restricted	to a  particular  user	and/or
       group  ID.  The payload data can	be used	for purposes such as embedding
       the destination's address to ensure the credential is only valid	 on  a
       specific	 host.	 The internal format of	the credential is encoded in a
       platform-independent manner.  And the credential	itself is  base64  en-
       coded to	allow it to be transmitted over	virtually any transport.

       Chris Dunlap <>

       Copyright (C) 2007-2020 Lawrence	Livermore National Security, LLC.
       Copyright (C) 2002-2007 The Regents of the University of	California.

       MUNGE  is free software:	you can	redistribute it	and/or modify it under
       the terms of the	GNU General Public License as published	 by  the  Free
       Software	 Foundation,  either version 3 of the License, or (at your op-
       tion) any later version.

       Additionally for	the MUNGE library (libmunge), you can redistribute  it
       and/or  modify  it under	the terms of the GNU Lesser General Public Li-
       cense as	published by the Free Software Foundation, either version 3 of
       the License, or (at your	option)	any later version.

       munge(1),     remunge(1),     unmunge(1),    munge(3),	 munge_ctx(3),
       munge_enum(3), munged(8), mungekey(8).

munge-0.5.14			  2020-01-14			      MUNGE(7)


Want to link to this manual page? Use this URL:

home | help