This page lists applications that have been successfully tested with Moonshot.


Cyrus SASL Sample

Unmodified.

What does it do

  • Demonstrates minimal SASL functionality and allows exploration of SASL mechanisms.

GSS-Sample

Unmodified.

What does it do

  • Demonstrates GSS-API mechanisms functioning.
  • Displays all attributes (from SAML, Shibboleth) received
  • See vmdk for instructions on how to run

Jabberd

  • Unmodified
  • Requires enabling cyrus-sasl support in the build

What does it do

  • Jabber server. Provides authentication from Moonshot.

Tested clients

  • Adium (unmodified) - successfully connected to a Moonshot jabberd server

OpenLDAP Server

Modified/Unmodified

  • Unmodified OpenLDAP, but it has to be compiled with SASL-specific build options; most Linux distributions do this by default

What does it do

  • Users can authenticate to OpenLDAP with their federated ID; their DN is mapped from their SASL ID (mapping configured in slapd.conf)

Tested clients

  • ldapwhoami - successfully bound to the OpenLDAP server with the mapped DN returned.

OpenSSH

Modified/Unmodified

  • See http://www.project-moonshot.org/gitweb/openssh.git and look at the master and debian branches.
  • No client modifications required.
  • See the vm-integration or tlv-mic branches for Moonshot code that works with this. The requirement is that mutual_authentication be provided in the established context
  • gss_userok is required from the krb5 library
  • The VM images have these changes

What does it do

  • Provides RFC 4462 authentication and key exchange based on Moonshot. In other words, you can log in with ssh using Moonshot credentials
  • If the mechanism returns the local-login-user attribute (typically mapped using Shibboleth from a SAML attribute or RADIUS attribute), then that attribute controls which local accounts are acceptable
  • In other words, federated authentication and authorization

Tested clients

  • OpenSSH


MyProxy

MyProxy is a service issuing X.509 certificates. In certification authority mode, it signs certificates on demand for authenticated users. It uses SASL for authentication, which makes it possible to use GS2. MyProxy is widely used in Grid computing.

Modified (patch submitted)

For more information on build and usage see the myproxy section.

What does it do

  • Issues X.509 credentials to users authenticated with their federated identities.

NFSv4

Modified

More information can be found at the NFSv4 section.