Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
MUNGED(8)		  MUNGE	Uid 'N'	Gid Emporium		     MUNGED(8)

       munged -	MUNGE daemon

       munged [OPTION]...

       The munged daemon is responsible	for authenticating local MUNGE clients
       and servicing their credential encode & decode requests.

       All munged daemons within a security realm share	 a  common  key.   All
       hosts  within  this  realm  are	expected to have common	users/UIDs and
       groups/GIDs.  The key is	used to	cryptographically protect the  creden-
       tials; it is created with the mungekey command.

       When  a credential is created, munged embeds metadata within it includ-
       ing the effective UID and GID of	the requesting client  (as  determined
       by munged) and the current time (as determined by the local clock).  It
       then compresses the data, computes a message authentication  code,  en-
       crypts  the  data,  and	base64-encodes the result before returning the
       credential to the client.

       When a credential is validated, munged first checks the message authen-
       tication	 code  to  ensure the credential has not been subsequently al-
       tered.  Next, it	checks the embedded UID/GID restrictions to  determine
       whether the requesting client is	allowed	to decode it.  Then, it	checks
       the embedded encode time	against	the current time; if  this  difference
       exceeds	the  embedded  time-to-live,  the credential has expired.  Fi-
       nally, it checks	whether	this credential	has been previously decoded on
       this  host;  if	so,  the  credential has been replayed.	 If all	checks
       pass, the credential metadata and payload are returned to the client.

       -h, --help
	      Display a	summary	of the command-line options.

       -L, --license
	      Display license information.

       -V, --version
	      Display version information.

       -f, --force
	      Force the	daemon to run if  at  all  possible.   This  overrides
	      warnings	for an existing	local domain socket, a lack of entropy
	      for the PRNG, and	insecure file/directory	permissions.  Use with
	      caution as overriding these warnings can affect security.

       -F, --foreground
	      Run the daemon in	the foreground.

       -M, --mlockall
	      Lock  all	current	and future pages in the	virtual	memory address
	      space.  Access to	locked pages will never	be delayed by  a  page
	      fault.   This can	improve	performance and	help the daemon	remain
	      responsive when the system is under heavy	memory pressure.  This
	      typically	 requires root privileges or the CAP_IPC_LOCK capabil-

       -s, --stop
	      Stop the daemon bound to the socket and  wait  for  it  to  shut
	      down.   Use with the --socket option to target a daemon bound to
	      a	non-default socket location.  This option exits	 with  a  zero
	      status  if  the  specified daemon	was successfully stopped, or a
	      non-zero status otherwise.

       -S, --socket path
	      Specify the local	domain socket for communicating	with clients.

       -v, --verbose
	      Be verbose.

       --auth-server-dir directory
	      Specify an alternate directory in	which the daemon  will	create
	      the  pipe	used to	authenticate clients.  The recommended permis-
	      sions for	this directory are 0711.  This option is only valid on
	      platforms	 where	client authentication is performed via a file-
	      descriptor passing mechanism.

       --auth-client-dir directory
	      Specify an alternate directory in	which clients will create  the
	      file  used to authenticate themselves to the daemon.  The	recom-
	      mended permissions for this directory are	1733.  This option  is
	      only valid on platforms where client authentication is performed
	      via a file-descriptor passing mechanism.

	      Disable recurring	timers in order	to  reduce  some  noise	 while
	      benchmarking.  This affects the PRNG entropy pool, supplementary
	      group mapping, and credential replay hash.  Do not  enable  this
	      option when running in production.

       --group-check-mtime boolean
	      Specify  whether	the  modification time of /etc/group should be
	      checked before updating the supplementary	group membership  map-
	      ping.   If this value is non-zero, the check will	be enabled and
	      the mapping will not be updated unless the file has  been	 modi-
	      fied since the last update.

       --group-update-time integer
	      Specify  the number of seconds between updates to	the supplemen-
	      tary group membership mapping; this mapping  is  used  when  re-
	      stricting	credentials by GID.  A value of	0 causes it to be com-
	      puted  initially	but  never  updated  (unless  triggered	 by  a
	      SIGHUP).	A value	of -1 causes it	to be disabled.

       --key-file path
	      Specify an alternate pathname to the key file.

       --log-file path
	      Specify an alternate pathname to the log file.

       --max-ttl integer
	      Specify  the  maximum  allowable time-to-live value (in seconds)
	      for a credential.	 This setting has an  upper-bound  imposed  by
	      the  hard-coded MUNGE_MAXIMUM_TTL	value.	Reducing it will limit
	      the maximum growth of the	credential replay cache.  This is  vi-
	      able  if	clocks within the MUNGE	realm can be kept in sync with
	      minimal skew.

       --num-threads integer
	      Specify the number of threads to spawn for processing credential

       --origin	address
	      Specify  the origin address that will be encoded into credential
	      metadata.	 This can be a hostname	or IPv4	address; it  can  also
	      be  the  name  of	 a  local network interface, in	which case the
	      first IPv4 address found assigned	 to  that  interface  will  be
	      used.  The default value is the IPv4 address of the hostname re-
	      turned by	gethostname().	Failure	to lookup the address will re-
	      sult  in	an error; if overridden, the origin will be set	to the
	      null address.

       --pid-file path
	      Specify an alternate pathname for	storing	the Process ID of  the

       --seed-file path
	      Specify an alternate pathname to the PRNG	seed file.

	      Redirect	log  messages  to syslog when the daemon is running in
	      the background.

       --trusted-group group
	      Specify the group	name or	GID of the "trusted group".   This  is
	      used  for	 permission checks on a	directory hierarchy.  Directo-
	      ries with	group write permissions	are allowed if they are	 owned
	      by the trusted group (or the sticky bit is set).

       SIGHUP Immediately  update  the	supplementary group membership mapping
	      instead of waiting for the next scheduled	update;	 this  mapping
	      is used when restricting credentials by GID.

	      Terminate	the daemon.

       All clocks within a security realm must be kept in sync within the cre-
       dential time-to-live setting.

       While munged prevents a given credential	from being decoded on  a  par-
       ticular	host  more than	once, nothing prevents a credential from being
       decoded on multiple hosts within	the security realm before it expires.

       Chris Dunlap <>

       Copyright (C) 2007-2020 Lawrence	Livermore National Security, LLC.
       Copyright (C) 2002-2007 The Regents of the University of	California.

       MUNGE is	free software: you can redistribute it and/or modify it	 under
       the  terms  of  the GNU General Public License as published by the Free
       Software	Foundation, either version 3 of	the License, or	(at  your  op-
       tion) any later version.

       Additionally  for the MUNGE library (libmunge), you can redistribute it
       and/or modify it	under the terms	of the GNU Lesser General  Public  Li-
       cense as	published by the Free Software Foundation, either version 3 of
       the License, or (at your	option)	any later version.

       munge(1),    remunge(1),	   unmunge(1),	   munge(3),	 munge_ctx(3),
       munge_enum(3), munge(7),	mungekey(8).

munge-0.5.14			  2020-01-14			     MUNGED(8)


Want to link to this manual page? Use this URL:

home | help