MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having common users and groups. These hosts form a security realm that is defined by a shared cryptographic key. Clients within this security realm can create and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.
-- Chris Dunlap
A MUNGE security realm is defined by a shared secret between hosts. Any process can create an authentication cookie which ascertains its uid and gid and is valid for a specific period of time.
We achieve secure remote file and shell access by:
- assuring that an operator account has the same uid and gid on all relevant servers,
- remote access is done over Wireguard protected connections,