Ticket 16035

Summary: "Unauthorized credential for client" log-message in munged whenever the auth/munge init() function is called.
Product: Slurm Reporter: Toni <toni.harzendorf>
Component: DocumentationAssignee: Jacob Jenson <jacob>
Status: OPEN --- QA Contact:
Severity: 6 - No support contract    
Priority: ---    
Version: 23.02.x   
Hardware: Linux   
OS: Linux   
Site: -Other- Alineos Sites: ---
Atos/Eviden Sites: --- Confidential Site: ---
Coreweave sites: --- Cray Sites: ---
DS9 clusters: --- HPCnow Sites: ---
HPE Sites: --- IBM Sites: ---
NOAA SIte: --- OCF Sites: ---
Recursion Pharma Sites: --- SFW Sites: ---
SNIC sites: --- Linux Distro: ---
Machine Name: CLE Version:
Version Fixed: Target Release: ---
DevPrio: --- Emory-Cloud Sites: ---

Description Toni 2023-02-15 00:59:29 MST 
Hi,

recently I discovered a log message in munged which reads:

Unauthorized credential for client UID=0 GID=0

In Slurm 22.05 (presumably) this safety check was added, to see whether root is able to decode any incoming credential: https://github.com/SchedMD/slurm/blob/566b77006a7870a3ccc2e676544d6cadcf01e5b4/src/plugins/auth/munge/auth_munge.c#L139

This init() function is called every time a slurmstepd is spawned and loads the munge auth plugin, which is evident by these log messages:

slurmstepd[21134]: cred/munge: init: Munge credential signature plugin loaded

The side effect of this safety check is however, that the above "Unauthorized credential" log message in munged is (rightfully so) shown, whenever a Job is started - which can be pretty often depending on job throughput.

I didn't find anything in the documentation about it, and even though this log-message is harmless and can be ignored in this specific case as it is a byproduct of this check, it might still be good to mention this in the docs to potentially avoid confusion.

Best Regards,
Toni