16035 – "Unauthorized credential for client" log-message in munged whenever the auth/munge init() function is called.

Ticket 16035 - "Unauthorized credential for client" log-message in munged whenever the auth/munge init() function is called.

Summary: "Unauthorized credential for client" log-message in munged whenever the auth/...

Status:	OPEN

Alias:	None

Product:	Slurm
Classification:	Unclassified
Component:	Documentation (show other tickets)
Version:	23.02.x
Hardware:	Linux Linux

Severity:	6 - No support contract
Assignee:	Jacob Jenson
QA Contact:

URL:

Depends on:
Blocks:

Reported:	2023-02-15 00:59 MST by Toni
Modified:	2023-02-15 00:59 MST (History)
CC List:	0 users

See Also:
Site:	-Other-
Slinky Site:	---
Alineos Sites:	---
Atos/Eviden Sites:	---
Confidential Site:	---
Coreweave sites:	---
Cray Sites:	---
DS9 clusters:	---
Google sites:	---
HPCnow Sites:	---
HPE Sites:	---
IBM Sites:	---
NOAA SIte:	---
NoveTech Sites:	---
Nvidia HWinf-CS Sites:	---
OCF Sites:	---
Recursion Pharma Sites:	---
SFW Sites:	---
SNIC sites:	---
Tzag Elita Sites:	---
Linux Distro:	---
Machine Name:
CLE Version:
Version Fixed:
Target Release:	---
DevPrio:	---
Emory-Cloud Sites:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this ticket.

Description Toni 2023-02-15 00:59:29 MST

Hi,

recently I discovered a log message in munged which reads:

Unauthorized credential for client UID=0 GID=0

In Slurm 22.05 (presumably) this safety check was added, to see whether root is able to decode any incoming credential: https://github.com/SchedMD/slurm/blob/566b77006a7870a3ccc2e676544d6cadcf01e5b4/src/plugins/auth/munge/auth_munge.c#L139

This init() function is called every time a slurmstepd is spawned and loads the munge auth plugin, which is evident by these log messages:

slurmstepd[21134]: cred/munge: init: Munge credential signature plugin loaded

The side effect of this safety check is however, that the above "Unauthorized credential" log message in munged is (rightfully so) shown, whenever a Job is started - which can be pretty often depending on job throughput.

I didn't find anything in the documentation about it, and even though this log-message is harmless and can be ignored in this specific case as it is a byproduct of this check, it might still be good to mention this in the docs to potentially avoid confusion.

Best Regards,
Toni