1 [[!meta title="VM images"]] Moonshot VM images are no longer
2 available. See the [[DVD images|dvd]] for a live system image that can
3 run under virtualization. This page contains information on the final
4 VM image released shortly after the second Moonshot meeting.
10 * Sources for moonshot, Shibboleth, libradsec and the like
11 * All dependencies mentioned [[here|building]]
12 * A build of the [MIT Kerberos](http://web.mit.edu/kerberos/) gss-sample applications
13 * Includes patches from the moonshot-mechglue branch for gss_userok support
14 * A configured freeradius server
15 * Generates SAML assertions on authentication
16 * Exposes user name for legacy GSS applications
22 The Image should work with:
28 ## Configuration of the VM
30 The VM is distributed as a disk image.
31 You will need to create a virtual machine in your VM software of choice. Unless you're using Xen in paravirtualized mode, you will need to attach a first serial port to the virtual machine. This serial port may be disabled. The image requires at least 512m of memory.
33 If the image has no eth0 but has an eth1, do the following and reboot.
35 $ sudo rm /etc/udev/rules.d/70-persistent-net.rules
40 * An ioapic to be enabled
44 Consoles are available on hvc0 (virt_ops console for xen), ttyS0 (serial console) and on the monitor and keyboard.
48 There is one account; user moonshot with password moonshot.
52 * cd krb5-1.9/src/appl/gss-sample
53 * ./gss-server host@moonshot-test.project-moonshot.org &
54 * ./gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}"
55 -user steve@local -pass testing 127.0.0.1 host@localhost bar
56 For a perhaps more interesting test try: <code>ssh moonshot@127.0.0.1</code>
60 Note that this VM image is not appropriate for an open network. In particular:
62 * There is a well known ssh host key compiled into the image; this is done because it makes it easier for your to test Moonshot ssh, but is not appropriate for a secure system
63 * There are well-known passwords
64 * The test account steve@local is permitted to log into the moonshot account with a trivial password
65 * A known Kerberos key could potentially be used for ssh access
67 This is about exploring software not about secure deployments.
74 * Copy the dictionary.ukerna file from mech_eap to /usr/share/freeradius, and include this file within /usr/share/freeradius/dictionary.