Skip to content

Man 1 unmunge

Jump to bottom
Chris Dunlap edited this page Jun 29, 2022 · 6 revisions

Name

unmunge -- MUNGE credential decoder

Synopsis

unmunge [OPTION] ...

Description

The unmunge program validates a MUNGE credential (e.g., one created by the munge program).

By default, the credential is read from stdin and the metadata and payload are written to stdout. When the metadata and payload are written to the same stream, they are separated by a blank line.

Options

  • -h, --help
    Display a summary of the command-line options.

  • -L, --license
    Display license information.

  • -V, --version
    Display version information.

  • -i, --input path
    Input the credential from the specified file.

  • -n, --no-output
    Discard all output, both metadata and payload.

  • -m, --metadata path
    Output metadata to the specified file.

  • -o, --output path
    Output the payload to the specified file.

  • -k, --keys string
    Specify a subset of metadata keys to output. The keys are case-insensitive and delimited by whitespace, commas, semicolons, or periods -- as long as the string is treated as a single argument by the shell (e.g., enclosed by quotes). Invalid keys are ignored. If a subset is not specified, all available keys are selected by default.

  • -K, --list-keys
    Display a list of metadata keys.

  • -N, --numeric
    Display metadata values numerically. This omits conversions from IP addresses to hostnames, seconds to date and time strings, UIDs to user names, GIDs to group names, and cipher/mac/zip type lookups. [Added in 0.5.14]

  • -S, --socket path
    Specify the local socket for connecting with munged.

Metadata Keys

The following metadata keys are supported.

  • STATUS
    The status of the credential decode operation.

  • ENCODE_HOST
    The address of the host on which the credential was encoded.

  • ENCODE_TIME
    The time at which the credential was encoded (according to the local clock of the host that encoded it).

  • DECODE_TIME
    The time at which the credential was decoded (according to the local clock of the host that decoded it).

  • TTL
    The time-to-live value (in seconds) placed within the credential.

  • CIPHER
    The cipher type used to encode the credential.

  • MAC
    The MAC type used to encode the credential.

  • ZIP
    The compression type used to encode the credential.

  • UID
    The user ID of the process that encoded the credential.

  • GID
    The group ID of the process that encoded the credential.

  • UID_RESTRICTION
    The user ID restriction placed within the credential.

  • GID_RESTRICTION
    The group ID restriction placed within the credential.

  • LENGTH
    The length (in bytes) of the payload.

Exit Status

The unmunge program returns an exit code corresponding to the return code of munge_decode(). On success, it returns a zero exit code which signifies the credential is valid. On error, it prints an error message to stderr and returns a non-zero exit code.

Clone this wiki locally