A Moonshot technology preview is made available as a Debian live system.
The image will work either when booted on real PC hardware or in a virtualization environment. Explicit support should be provided for Virtualbox and for Vmware video and mouse support.
The image may not be appropriate for deployment on an open network; in particular, it runs a number of services including SSH, RADIUS and a web server.
Current Version
January 2012:
Previous Version
May 2011:
Includes
- A configured freeradius server
- Generates SAML assertions on authentication
- Exposes user name for legacy GSS applications
- Debian packages of key Moonshot components:
- Core Moonshot mechanism
- Development version of Shibboleth libraries with enhanced GSS-API support
- Libradsec library
- Moonshot support for Firefox and Apache
- Moonshot support for OpenSSH
Testing Moonshot
There is a RADIUS account steve@local with password testing. This account is authorized to log into an SSH user called moonshot. to test:
sudo useradd -m moonshot
ssh moonshot@localhost
This works in part because there is a file in the user home directory ~/.gss_eap_id that includes the username and password. In the future, credentials will be controlled by a Moonshot user interface.
Another test involves the GSS sample application from MIT Kerberos:
gss-server host@localhost & #start server in the background
gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" localhost host@localhost test_message
It is also possible to test with the web server. Under /var/www create a directory. Include a .htaccess file with the following contents:
AuthType GSSAPI
Require valid-user
If you go to http://localhost/directory_name, using the Iceweasel web browser included in the image, you will see this page. Unfortunately, Iceweasel is not the default browser; you will need to start it from the menus before entering this URI.