aboutsummaryrefslogtreecommitdiff
path: root/network/munge/README
blob: c19e6006b0d6f9a0c9539ab3fceafff69b67ac53 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
munge (an authentication service)

MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for
creating and validating credentials.

It is designed to be highly scalable for use in an HPC cluster
environment. It allows a process to authenticate the UID and GID of
another local or remote process within a group of hosts having common
users and groups. These hosts form a security realm that is defined
by a shared cryptographic key. Clients within this security realm can
create and validate credentials without the use of root privileges,
reserved ports, or platform-specific methods.

On most platforms, the munged daemon does not require root privileges to run. 
If possible, you should run the daemon as a non-privileged user. 
This can be specified in the init script /etc/rc.d/rc.munge.

# groupadd -g 310 munge
# useradd -u 310 -d /var/lib/munge -s /bin/false -g munge munge

After installation a secret key file needs to be created. Follow instructions
from:

https://github.com/dun/munge/wiki/Installation-Guide#creating-a-secret-key