unmunge - MUNGE credential decoder
The unmunge program validates a MUNGE credential (e.g., one
created by the munge program).
By default, the credential is read from stdin and the metadata and
payload are written to stdout. When the metadata and payload are written to
the same stream, they are separated by a blank line.
- -h, --help
- Display a summary of the command-line options.
- -L, --license
- Display license information.
- -V, --version
- Display version information.
- -i, --input
file
- Input the credential from the specified file.
- -n, --no-output
- Discard all output, both metadata and payload.
- -m, --metadata
file
- Output metadata to the specified file.
- -o, --output
file
- Output the payload to the specified file.
- -k, --keys
string
- Specify a subset of metadata keys to output. The keys are case-insensitive
and delimited by whitespace, commas, semicolons, or periods -- as long as
the string is treated as a single argument by the shell (e.g., enclosed by
quotes). Invalid keys are ignored. If a subset is not specified, all
available keys are selected by default.
- -K, --list-keys
- Display a list of metadata keys.
- -N, --numeric
- Display metadata values numerically. This omits conversions from IP
addresses to hostnames, seconds to date and time strings, UIDs to user
names, GIDs to group names, and cipher/mac/zip type lookups.
- -S, --socket
path
- Specify the local domain socket for connecting with munged.
The following metadata keys are supported.
- STATUS
- The status of the credential decode operation.
- ENCODE_HOST
- The address of the host on which the credential was encoded.
- ENCODE_TIME
- The time at which the credential was encoded (according to the local clock
of the host that encoded it).
- DECODE_TIME
- The time at which the credential was decoded (according to the local clock
of the host that decoded it).
- TTL
- The time-to-live value (in seconds) placed within the credential.
- CIPHER
- The cipher type used to encode the credential.
- MAC
- The MAC type used to encode the credential.
- ZIP
- The compression type used to encode the credential.
- UID
- The user ID of the process that encoded the credential.
- GID
- The group ID of the process that encoded the credential.
- UID_RESTRICTION
- The user ID restriction placed within the credential.
- GID_RESTRICTION
- The group ID restriction placed within the credential.
- LENGTH
- The length (in bytes) of the payload.
The unmunge program returns an exit code corresponding to
the return code of munge_decode(). On success, it returns a zero exit
code which signifies the credential is valid. On error, it prints an error
message to stderr and returns a non-zero exit code.
Chris Dunlap <cdunlap@llnl.gov>
Copyright (C) 2007-2020 Lawrence Livermore National Security, LLC.
Copyright (C) 2002-2007 The Regents of the University of California.
MUNGE is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or (at your option)
any later version.
Additionally for the MUNGE library (libmunge), you can
redistribute it and/or modify it under the terms of the GNU Lesser General
Public License as published by the Free Software Foundation, either version
3 of the License, or (at your option) any later version.