INTRODUCTION

  MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for
  creating and validating user credentials.  It is designed to be highly
  scalable for use in an HPC cluster environment.  It provides a portable
  API for encoding the user's identity into a tamper-proof credential
  that can be obtained by an untrusted client and forwarded by untrusted
  intermediaries within a security realm.  Clients within this realm can
  create and validate credentials without the use of root privileges,
  reserved ports, or platform-specific methods.


RATIONALE

  The need for MUNGE arose out of the HPC cluster environment.  Consider the
  scenario in which a local daemon running on a login node receives a client
  request and forwards it on to remote daemons running on compute nodes within
  the cluster.  Since the user has already logged on to the login node, the
  local daemon just needs a reliable means of ascertaining the UID and GID
  of the client process.  Furthermore, the remote daemons need a mechanism to
  ensure the forwarded authentication data has not been subsequently altered.

  A common solution to this problem is to use Unix domain sockets to
  determine the identity of the local client, and then forward this
  information on to remote hosts via trusted rsh connections.  But this
  presents several new problems.  First, there is no portable API for
  determining the identity of a client over a Unix domain socket.  Second,
  rsh connections must originate from a reserved port; the limited number
  of reserved ports available on a given host directly limits scalability.
  Third, root privileges are required in order to bind to a reserved port.
  Finally, the remote daemons have no means of determining whether the
  client identity is authentic.  MUNGE solves all of these problems.


USAGE

  A process creates a credential by requesting one from the local
  MUNGE service, either via the munge_encode() C library call or the
  munge executable.  The encoded credential contains the UID and GID of
  the originating process.  This process sends the credential to another
  process within the security realm as a means of proving its identity.
  The receiving process validates the credential with the use of its local
  MUNGE service, either via the munge_decode() C library call or the unmunge
  executable.  The decoded credential provides the receiving process with a
  reliable means of ascertaining the UID and GID of the originating process.
  This information can be used for accounting or access control decisions.


DETAILS

  The contents of the credential (including any optional payload data) are
  encrypted with a key shared by all munged daemons within the security realm.
  The integrity of the credential is ensured by a message authentication
  code (MAC).  The credential is valid for a limited time defined by its
  time-to-live (TTL); this presumes clocks within a security realm are
  in sync.  Unexpired credentials are tracked by the local munged daemon in
  order to prevent replay attacks on a given host.  Decoding of a credential
  can be restricted to a particular user and/or group ID.  The payload data
  can be used for purposes such as embedding the destination's address to
  ensure the credential is only valid on a specific host.  The internal
  format of the credential is encoded in a platform-independent manner.
  And the credential itself is base64 encoded to allow it to be transmitted
  over virtually any transport.


LICENSE

  MUNGE is free software: you can redistribute it and/or modify it under
  the terms of the GNU General Public License as published by the Free
  Software Foundation, either version 3 of the License, or (at your option)
  any later version.

  Additionally for the MUNGE library (libmunge), you can redistribute it
  and/or modify it under the terms of the GNU Lesser General Public License
  as published by the Free Software Foundation, either version 3 of the
  License, or (at your option) any later version.


KEYS

  Releases are signed with the following GPG key:

  pub   rsa4096/0x3B7ECB2B30DE0871 2011-10-01 [SC]
        Key fingerprint = A441 880C 3D4C 7C36 C5DD  41E1 3B7E CB2B 30DE 0871
  uid                   [ultimate] Chris Dunlap <chris.m.dunlap@gmail.com>
  uid                   [ultimate] Chris Dunlap <cdunlap@llnl.gov>
  uid                   [ultimate] Chris Dunlap <dun@imsa.edu>
  sub   rsa4096/0x48A5CADDECA74B8A 2011-10-01 [E]


HOMEPAGE

  https://dun.github.io/munge/

If you're building MUNGE from source on AIX, you need to export the
OBJECT_MODE environment variable to your environment.  It should be set to
either "32" or "64" depending on whether you want code to be generated for
a 32-bit or 64-bit architecture.  If you are using gcc, you also need to
set CFLAGS to either "-maix32" or "-maix64".  Finally, you should set the
"--enable-arch" option as well:

  $ CFLAGS="-maix32" OBJECT_MODE=32 ./configure --enable-arch=32

  $ CFLAGS="-maix64" OBJECT_MODE=64 ./configure --enable-arch=64

In the configure script, AC_INIT is called before anything else and performs
some basic compiler checks.  The "-maix" gcc compiler flag must agree
with the OBJECT_MODE environment variable recognized by the AIX linker.
One alternative is to always set OBJECT_MODE=32.  The gcc compiler
will default to "-maix32" which allows the AC_INIT checks to succeed.
The "--enable-arch" option can then be used to control whether code is
generated for a 32-bit or 64-bit architecture.  For example:

  $ export OBJECT_MODE=32
  $ ./configure --enable-arch=64

This is the trick that is used in the RPM spec file.

--

MUNGE supports two different types of client authentication under AIX.
The getpeereid() method is supported by AIX 5.2 ML4 and later.  The configure
script tests for this when "checking for getpeereid".  The recvfd-mknod
file-descriptor-passing method is supported by earlier AIX versions.
The configure script tests for this when "checking for /dev/spx" and
"checking for struct strrecvfd".

The getpeereid() method is substantially faster; if your system supports that,
you can stop reading now.  On the other hand, the file-descriptor-passing
method on AIX is excruciatingly slow unless special steps are taken.
This is due to the fact that a unique STREAMS-based pipe must be created in
the filesystem for each client authentication attempt, and the journaling
of the jfs filesystem makes this quite slow.  To increase performance,
the authentication pipe needs to be created in a ramdisk.

The following steps create a 5MB ramdisk and mount it as "/tmp/munge".
A small ramdisk will do just fine.  You should then create two directories:
/tmp/munge/client (permissioned 1733) & /tmp/munge/server (permissioned 0711).
These directories can be named whatever you like, but these names will be used
in the following example.

  # mkramdisk 10000
  /dev/rramdisk0

  # mkfs -V jfs /dev/ramdisk0
  mkfs: destroy /dev/ramdisk0 (y)? y
  Device /dev/ramdisk0:
    Standard empty file system
    Size:           10000 512-byte (UBSIZE) blocks
    Initial Inodes: 1792

  # mkdir /tmp/munge

  # mount -V jfs -o nointegrity /dev/ramdisk0 /tmp/munge

  # chmod 0755 /tmp/munge

  # mkdir /tmp/munge/client
  # chmod 1733 /tmp/munge/client

  # mkdir /tmp/munge/server
  # chmod 0711 /tmp/munge/server

  # mount
    node       mounted        mounted over    vfs       date        options
  -------- ---------------  ---------------  ------ ------------ ---------------
           /dev/ramdisk0    /tmp/munge       jfs    Oct 01 10:01 rw,nointegrity

The MUNGE_AUTH_SERVER_DIR and MUNGE_AUTH_CLIENT_DIR defines in
src/libcommon/munge_defs.h need to be modified, and then the source
needs to be recompiled.

  #define MUNGE_AUTH_SERVER_DIR           "/tmp/munge/server"
  #define MUNGE_AUTH_CLIENT_DIR           "/tmp/munge/client"

Alternatively, you can override these settings with the munged
"--auth-server-dir" and "--auth-client-dir" command-line options.

  munged --auth-server-dir /tmp/munge/server \
         --auth-client-dir /tmp/munge/client

These options will be moved into the configuration file once one exists.

Multilib allows you to have both 32-bit and 64-bit versions of libmunge
installed at the same time, capable of communicating with either a 32-bit
or 64-bit version of munged.

On Linux, at least, 32-bit libraries usually reside in /usr/lib, and
64-bit libraries usually reside in /usr/lib64.  But on ia64, for example,
64-bit libraries reside in /usr/lib since everything is 64-bit there.

If you are building from source, you can pass a command-line option to
the configure script:

  $ ./configure --enable-arch=32

  $ ./configure --enable-arch=64

If you are building RPMs, you can pass a command-line option to rpmbuild:

  $ rpmbuild -ta --clean --with arch32 munge-x.y.z.tar.bz2

  $ rpmbuild -ta --clean --with arch64 munge-x.y.z.tar.bz2

You might also have to specify the --target command-line option:

  $ rpmbuild -ta --clean --with arch32 --target i386 munge-x.y.z.tar.bz2

  $ rpmbuild -ta --clean --with arch64 --target x86_64 munge-x.y.z.tar.bz2

For each platform, you will have one source RPM and three binary RPMs
(munge, munge-devel, and munge-libs).

If you wanted to install both 32-bit and 64-bit MUNGE libraries on an
RPM-based x86_64 system, for example, you would need to install either
the 32-bit or 64-bit version of the main munge RPM (containing munged),
and both 32-bit and 64-bit versions of the munge-devel and munge-libs RPMs:

  $ rpm -ivh RPMS/x86_64/munge-0.5-1.x86_64.rpm \
             RPMS/x86_64/munge-devel-0.5-1.x86_64.rpm \
             RPMS/x86_64/munge-libs-0.5-1.x86_64.rpm \
             RPMS/i386/munge-devel-0.5-1.i386.rpm \
             RPMS/i386/munge-libs-0.5-1.i386.rpm

You can then link your application against either the 32-bit or 64-bit library:

  $ gcc -o foo foo.c -m32 -lmunge

  $ gcc -o foo foo.c -m64 -lmunge


AIX uses RPM 3.x which does not recognize the "--with" command-line option.
The 'arch 32_64' define builds a single multiarch library where both 32-bit
and 64-bit objects reside in libmunge.a.  Note that the 'arch 32_64' string
must be quoted to appear as a single command-line argument.  Export the
OBJECT_MODE variable to the environment.

The OS detection in RPM 3.x appends the OS version and release to the name
(eg, "aix5.3").  Since I didn't want to pin the spec file to a particular
set of AIX versions, I used the generic OS string "aix".  Consequently,
you must specify "--target ppc-aix" when building the RPM, and "--ignoreos"
when installing the RPM.

  $ export OBJECT_MODE=32
  $ rpm -ta --clean --define 'arch 32' --target ppc-aix munge-x.y.z.tar.bz2

  $ export OBJECT_MODE=64
  $ rpm -ta --clean --define 'arch 64' --target ppc-aix munge-x.y.z.tar.bz2

  $ export OBJECT_MODE=32
  $ rpm -ta --clean --define 'arch 32_64' --target ppc-aix munge-x.y.z.tar.bz2

You can then link your application against either the 32-bit or 64-bit library:

  $ export OBJECT_MODE=32
  $ gcc -o foo foo.c -lmunge

  $ export OBJECT_MODE=64
  $ gcc -o foo foo.c -lmunge

[![GitHub Release](https://img.shields.io/github/release/dun/munge.svg)](https://github.com/dun/munge/releases/latest)
[![Packaging status](https://repology.org/badge/tiny-repos/munge.svg)](https://repology.org/metapackage/munge)
[![Build Status](https://travis-ci.org/dun/munge.svg?branch=master)](https://travis-ci.org/dun/munge)
[![Coverity Scan](https://scan.coverity.com/projects/dun-munge/badge.svg)](https://scan.coverity.com/projects/dun-munge)

### MUNGE Uid 'N' Gid Emporium

MUNGE (_MUNGE Uid 'N' Gid Emporium_) is an authentication service for creating
and validating user credentials.  It is designed to be highly scalable for
use in an HPC cluster environment.  It provides a portable API for encoding
the user's identity into a tamper-proof credential that can be obtained by an
untrusted client and forwarded by untrusted intermediaries within a security
realm.  Clients within this realm can create and validate credentials without
the use of root privileges, reserved ports, or platform-specific methods.

- [Overview](../../wiki/Man-7-munge)
- [Installation Guide](../../wiki/Installation-Guide)
- [License Information](../../wiki/License-Info)
- [Man Pages](../../wiki/Man-Pages)
- [Verifying Releases](../../wiki/Verifying-Releases)