aboutsummaryrefslogtreecommitdiff
path: root/network/munge/README
blob: 3f2a3ad7955ff3093b498cbcd4fa0b5fb449defe (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. 

It is designed to be highly scalable for use in an HPC cluster environment. 
It allows a process to authenticate the UID and GID of another local or remote process 
within a group of hosts having common users and groups. These hosts form a security realm 
that is defined by a shared cryptographic key. Clients within this security realm can create 
and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.

On most platforms, the munged daemon does not require root privileges to run. 
If possible, you should run the daemon as a non-privileged user. 
This can be specified in the init script /etc/rc.d/rc.munge.

# groupadd -g 310 munge
# useradd -u 310 -d /var/lib/munge -s /bin/false -g munge munge

After installation a secret key file needs to be created. Follow instructions from:
https://github.com/dun/munge/wiki/Installation-Guide#creating-a-secret-key