1
2UNMUNGE(1) MUNGE Uid 'N' Gid Emporium UNMUNGE(1)
3
4
5
7 unmunge - MUNGE credential decoder
8
9
11 unmunge [OPTION]...
12
13
15 The unmunge program validates a MUNGE credential (e.g., one created by
16 the munge program).
17
18 By default, the credential is read from stdin and the metadata and pay‐
19 load are written to stdout. When the metadata and payload are written
20 to the same stream, they are separated by a blank line.
21
22
24 -h, --help
25 Display a summary of the command-line options.
26
27 -L, --license
28 Display license information.
29
30 -V, --version
31 Display version information.
32
33 -i, --input file
34 Input the credential from the specified file.
35
36 -n, --no-output
37 Discard all output, both metadata and payload.
38
39 -m, --metadata file
40 Output metadata to the specified file.
41
42 -o, --output file
43 Output the payload to the specified file.
44
45 -k, --keys string
46 Specify a subset of metadata keys to output. The keys are case-
47 insensitive and delimited by whitespace, commas, semicolons, or
48 periods -- as long as the string is treated as a single argument
49 by the shell (e.g., enclosed by quotes). Invalid keys are ig‐
50 nored. If a subset is not specified, all available keys are se‐
51 lected by default.
52
53 -K, --list-keys
54 Display a list of metadata keys.
55
56 -N, --numeric
57 Display metadata values numerically. This omits conversions
58 from IP addresses to hostnames, seconds to date and time
59 strings, UIDs to user names, GIDs to group names, and ci‐
60 pher/mac/zip type lookups.
61
62 -S, --socket path
63 Specify the local domain socket for connecting with munged.
64
65
67 The following metadata keys are supported.
68
69 STATUS The status of the credential decode operation.
70
71 ENCODE_HOST
72 The address of the host on which the credential was encoded.
73
74 ENCODE_TIME
75 The time at which the credential was encoded (according to the
76 local clock of the host that encoded it).
77
78 DECODE_TIME
79 The time at which the credential was decoded (according to the
80 local clock of the host that decoded it).
81
82 TTL The time-to-live value (in seconds) placed within the creden‐
83 tial.
84
85 CIPHER The cipher type used to encode the credential.
86
87 MAC The MAC type used to encode the credential.
88
89 ZIP The compression type used to encode the credential.
90
91 UID The user ID of the process that encoded the credential.
92
93 GID The group ID of the process that encoded the credential.
94
95 UID_RESTRICTION
96 The user ID restriction placed within the credential.
97
98 GID_RESTRICTION
99 The group ID restriction placed within the credential.
100
101 LENGTH The length (in bytes) of the payload.
102
103
105 The unmunge program returns an exit code corresponding to the return
106 code of munge_decode(). On success, it returns a zero exit code which
107 signifies the credential is valid. On error, it prints an error mes‐
108 sage to stderr and returns a non-zero exit code.
109
110
112 Chris Dunlap <cdunlap@llnl.gov>
113
114
116 Copyright (C) 2007-2020 Lawrence Livermore National Security, LLC.
117 Copyright (C) 2002-2007 The Regents of the University of California.
118
119 MUNGE is free software: you can redistribute it and/or modify it under
120 the terms of the GNU General Public License as published by the Free
121 Software Foundation, either version 3 of the License, or (at your op‐
122 tion) any later version.
123
124 Additionally for the MUNGE library (libmunge), you can redistribute it
125 and/or modify it under the terms of the GNU Lesser General Public Li‐
126 cense as published by the Free Software Foundation, either version 3 of
127 the License, or (at your option) any later version.
128
129
131 munge(1), remunge(1), munge(3), munge_ctx(3), munge_enum(3), munge(7),
132 munged(8), mungekey(8).
133
134 https://dun.github.io/munge/
135
136
137
138munge-0.5.14 2020-01-14 UNMUNGE(1)