Software Index
Related Topics
Popular Trends
Trending Topics
Linux Software Security Tools  

MUNGE Uid 'N' Gid Emporium

download download home home   report broken
important software information
company name:
Chris Dunlap
license: Freeware
minimum requirements: No special requirements.
functional limitations:
MUNGE Uid 'N' Gid Emporium description


MUNGE Uid 'N' Gid Emporium is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment.

It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having common users and groups. These hosts form a security realm that is defined by a shared cryptographic key.

Clients within this security realm can create and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.

Rationale

The need for MUNGE arose out of the HPC cluster environment. Consider the scenario in which a local daemon running on a login node receives a client request and forwards it on to remote daemons running on compute nodes within the cluster. Since the user has already logged on to the login node, the local daemon just needs a reliable means of ascertaining the UID and GID of the client process. Furthermore, the remote daemons need a mechanism to ensure the forwarded authentication data has not been subsequently altered.

A common solution to this problem is to use Unix domain sockets to determine the identity of the local client, and then forward this information on to remote hosts via trusted rsh connections. But this presents several new problems. First, there is no portable API for determining the identity of a client over a Unix domain socket. Second, rsh connections must originate from a reserved port; the limited number of reserved ports available on a given host directly limits scalability. Third, root privileges are required in order to bind to a reserved port. Finally, the remote daemons have no means of determining whether the client identity is authentic.

Overview

A process creates a credential by requesting one from the local MUNGE service. The encoded credential contains the UID and GID of the originating process. This process sends the credential to another process within the security realm as a mean. .



Similar software
Arri (Popularity: ) : Arri is an array API - more commonly known as a buffer API. Arri provides an interface to create, write, copy, duplicate, delete, append and free awways.

It does more than that, though. Arri contains a string API, to handle character ...

pam_login (Popularity: ) : pam_login is written specificly for PAM authentication.

This login version is based on the sources from util-linux 2.9s. I have removed all non PAM stuff and added a lot of nice features from the shadow login program. This means, pam_login will ...

Patra (Popularity: ) : Patra is a Java password tracker.

Password Tracker is an application to keep your passwords in an encrypted file on disk, protected by a pass phrase so that they are safe.

Even if the file containing your passwords falls in the wrong ...

passwdqc (Popularity: ) : pam_passwdqc is a simple password strength checking module for PAM-aware password changing programs, such as passwd.

In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones. All features are optional and can be (re-)configured ...

ssss (Popularity: ) : ssss project is an implementation of Shamir's secret sharing scheme for UNIX systems.

In cryptography, a secret sharing scheme is a method for distributing a secret amongst a group of participants, each of which is allocated a share of the secret. ...

gpgwrap (Popularity: ) : gpgwrap project is a wrapper for gpg and its --passphrase-fd option.

SYNOPSIS

gpgwrap -V

gpgwrap -P [-v] [-i] [-a] [-p ]

gpgwrap -F [-v] [-i] [-a] [-c] [-p ] [-o ] [--] [ ... ]

gpgwrap [-v] [-i] [-a] [-p ] [-o ] [--] gpg ...

Md4sum (Popularity: ) : Md4sum generates or checks MD4 checksums applying the algorithm specified in RFC 1320. The project role is to generate and print checksums for all files passed as arguments.. .
md5sha1sum (Popularity: ) : md5sha1sum project provides md5sum, sha1sum, and ripemd160sum. They are intended to be drop in replacements for the tools from GNU textutils.

Since installing textutils is somewhat excessive for just those two utilities, these are meant to be the more compact and ...

User reviews

Write a review:
1 2 3 4 5 6 7 8 9 10
1=poor 10=excellent
Write review*
Your name*
Email*
  (Comments are moderated, and will not appear on this site until the editor has approved them)
 
AD


Rate me
supported os's
stats
downloads 7
version 0.5.8
size in Kb 471
popularity   
906/1272475
user rating 5/10
our rating 0 Stars
share info
Recommend MUNGE Uid 'N' Gid Emporium
Report spyware
New Software
Popular Software
Latest Reviews