MUNGE(7) MUNGE Uid 'N' Gid Emporium MUNGE(7)

munge - MUNGE overview

MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for
creating and validating credentials. It is designed to be highly scalable
for use in an HPC cluster environment. It allows a process to
authenticate the UID and GID of another local or remote process within
a group of hosts having common users and groups. These hosts form a
security realm that is defined by a shared cryptographic key. Clients
within this security realm can create and validate credentials without
the use of root privileges, reserved ports, or platform-specific methods.

The need for MUNGE arose out of the HPC cluster environment. Consider
the scenario in which a local daemon running on a login node receives a
client request and forwards it on to remote daemons running on compute
nodes within the cluster. Since the user has already logged on to the
login node, the local daemon just needs a reliable means of ascertaining
the UID and GID of the client process. Furthermore, the remote
daemons need a mechanism to ensure the forwarded authentication data
has not been subsequently altered.

A common solution to this problem is to use Unix domain sockets to
determine the identity of the local client, and then forward this
information on to remote hosts via trusted rsh connections. But this
presents several new problems. First, there is no portable API for
determining the identity of a client over a Unix domain socket. Second,
rsh connections must originate from a reserved port; the limited
number of reserved ports available on a given host directly limits
scalability. Third, root privileges are required in order to bind to a
reserved port. Finally, the remote daemons have no means of determining
whether the client identity is authentic.

A process creates a credential by requesting one from the local MUNGE
service. The encoded credential contains the UID and GID of the
originating process. This process sends the credential to another process
within the security realm as a means of proving its identity. The
receiving process validates the credential with the use of its local
MUNGE service. The decoded credential provides the receiving process
with a reliable means of ascertaining the UID and GID of the originating
process. This information can be used for accounting or access
control decisions.

The contents of the credential (including any optional payload data)
are encrypted with a key shared by all munged daemons within the security
realm. The integrity of the credential is ensured by a message
authentication code (MAC). The credential is valid for a limited time
defined by its time-to-live (TTL). The daemon ensures unexpired
credentials are not replayed on a particular host. Decoding of a
credential can be restricted to a particular user and/or group ID. The
payload data can be used for purposes such as embedding the destination's
address to ensure the credential is only valid on a specific host. The
internal format of the credential is encoded in a platform-independent
manner. And the credential itself is base64 encoded to allow it to be
transmitted over virtually any transport.
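
The checks a decoding daemon performs on a credential (MAC, TTL, UID/GID restriction, replay cache, base64 transport encoding), as an added illustrative model that is not MUNGE's own code or wire format: the body is only authenticated here, not encrypted, the JSON layout, the status labels and the demo key are this example's own assumptions, and the same-realm secret stands in for the key munged reads from its key file.

```python
import base64, hashlib, hmac, json, os, time

# Constructed demo key standing in for the secret shared by every munged
# daemon in the realm; a real deployment reads it from munged's key file.
REALM_KEY = b"constructed-demo-key-do-not-reuse"
MAC_LEN = hashlib.sha256().digest_size

def encode(uid, gid, payload=b"", ttl=300, restrict_uid=None,
           restrict_gid=None, now=None, key=REALM_KEY):
    """Issue base64(body || HMAC-SHA256(key, body)). A simplified model of the
    scheme described above; real MUNGE also encrypts the body."""
    body = json.dumps({
        "uid": uid, "gid": gid, "ttl": ttl,
        "issued": int(time.time()) if now is None else now,
        "ruid": restrict_uid, "rgid": restrict_gid,
        "nonce": os.urandom(8).hex(),  # makes each credential unique
        "payload": base64.b64encode(payload).decode(),
    }).encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body + mac).decode()

class Validator:
    """Models the decoding daemon: MAC check, TTL, uid/gid restriction, and
    a per-host replay cache of credentials already accepted on this host."""
    def __init__(self, key=REALM_KEY):
        self.key, self.seen = key, set()

    def decode(self, cred, my_uid, my_gid, now=None):
        """Return (status, uid, gid, payload); the last three are None unless
        status == "ok". Status labels are this example's own."""
        try:
            raw = base64.b64decode(cred, validate=True)
            body, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
            expect = hmac.new(self.key, body, hashlib.sha256).digest()
            if not hmac.compare_digest(expect, mac):
                return ("bad_mac", None, None, None)  # forged or altered
            c = json.loads(body)
        except (ValueError, KeyError, TypeError):
            return ("bad_cred", None, None, None)
        now = int(time.time()) if now is None else now
        if now > c["issued"] + c["ttl"]:
            return ("expired", None, None, None)
        if (c["ruid"] is not None and c["ruid"] != my_uid) or \
           (c["rgid"] is not None and c["rgid"] != my_gid):
            return ("unauthorized", None, None, None)
        if mac in self.seen:  # same credential presented twice on this host
            return ("replayed", None, None, None)
        self.seen.add(mac)
        return ("ok", c["uid"], c["gid"], base64.b64decode(c["payload"]))
```

A second Validator instance models a different host: the replay cache is per host, so the same credential is accepted once on each host until its TTL runs out.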

Chris Dunlap <cdunlap@llnl.gov>

Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
Copyright (C) 2002-2007 The Regents of the University of California.

MUNGE is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your
option) any later version. Additionally for the MUNGE library (libmunge),
you can redistribute it and/or modify it under the terms of the
GNU Lesser General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any
later version.

munge(1), remunge(1), unmunge(1), munge(3), munge_ctx(3),
munge_enum(3), munged(8).

http://home.gna.org/munge/

munge-0.5.9 2010-03-23 MUNGE(7)