-[[!meta title="VM images"]]
-[[!toc]]
+[[!meta title="VM images"]] Moonshot VM images are no longer
+available. See the [[DVD images|dvd]] for a live system image that can
+run under virtualization. This page contains information on the final
+VM image released shortly after the second Moonshot meeting.
+
-There is a Moonshot test VM image that contains a complete development environment for Moonshot. In particular it contains:
+[[!toc]]
* compiler, debugger
* Sources for moonshot, Shibboleth, libradsec and the like
* All dependencies mentioned [[here|building]]
* A build of the [MIT Kerberos](http://web.mit.edu/kerberos/) gss-sample applications
+ * Includes patches from the moonshot-mechglue branch for gss_userok support
* A configured freeradius server
+ * Generates SAML assertions on authentication
+ * Exposes user name for legacy GSS applications
+
## What it works with
* Virtualbox (tested)
* qemu (tested)
* Vmware
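
Review bot: Removing the lead-in "There is a Moonshot test VM image ... In particular it contains:" leaves the list that starts at "* compiler, debugger" directly under [[!toc]], with nothing saying what the list describes. Add a sentence before the list, for example "The final image contained:", and a blank line after the [[!toc]] directive. The notice text also begins on the same line as the [[!meta title="VM images"]] directive; starting it as its own paragraph keeps the directive line clean.
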
+## Configuration of the VM
+
+The VM is distributed as a disk image.
+You will need to create a virtual machine in your VM software of choice. Unless you're using Xen in paravirtualized mode, you will need to attach a first serial port to the virtual machine. This serial port may be disabled. The image requires at least 512m of memory.
+
+If the image has no eth0 but has an eth1, do the following and reboot.
+
+$ sudo rm /etc/udev/rules.d/70-persistent-net.rules
The image expects:
* PAE to be enabled
* An ioapic to be enabled
-
-
## Consoles
Consoles are available on hvc0 (virt_ops console for xen), ttyS0 (serial console) and on the monitor and keyboard.
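
Review bot: The command "$ sudo rm /etc/udev/rules.d/70-persistent-net.rules" is not indented or marked as code and runs straight into the unchanged "The image expects:" line, so it will render as one paragraph with the surrounding prose. Indent it as a code block and leave a blank line after it. The "## Configuration of the VM" heading also follows "* Vmware" with no blank line. "This serial port may be disabled" can be read as a permission or as a warning, so state which the image needs, and write "512m" as "512 MB".
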
## testing Moonshot
* cd krb5-1.9/src/appl/gss-sample
-* ./gss-server host@moonshot-test.project-moonshot.org
-* ./gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" \
- -user steve@local -pass testing 127.0.0.1 host@localhost bar
+* ./gss-server host@moonshot-test.project-moonshot.org &
+* ./gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}"
+ -user steve@local -pass testing 127.0.0.1 host@localhost bar
+For a perhaps more interesting test try: <code>ssh moonshot@127.0.0.1</code>
+
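
Review bot: The new gss-client line drops the trailing backslash that the removed line had, while the "-user steve@local -pass testing 127.0.0.1 host@localhost bar" continuation is still on the following line, so a reader who pastes the first line runs gss-client with only the -mech argument. Restore the "\" or join the two lines. Since gss-server is now started with "&", the page should also say that it keeps running in the background and how to stop it once the test is done.
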
+# Security
+
+Note that this VM image is not appropriate for an open network. In particular:
+
+* There is a well known ssh host key compiled into the image; this is done because it makes it easier for your to test Moonshot ssh, but is not appropriate for a secure system
+* There are well-known passwords
+* The test account steve@local is permitted to log into the moonshot account with a trivial password
+* A known Kerberos key could potentially be used for ssh access
+
+This is about exploring software not about secure deployments.
# Obtaining Images
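
Review bot: The Security list names the exposures (built-in ssh host key, well-known passwords, the steve@local login to the moonshot account, a known Kerberos key) but gives the reader nothing to act on. A sentence recommending that the VM stay on a host-only or NAT network, or that the host key and passwords be changed before it is attached to a shared network, would make the warning usable. In the host key bullet, "easier for your to test" should read "easier for you to test", and a blank line is needed between "This is about exploring software not about secure deployments." and the "# Obtaining Images" heading.
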
-Sources to the GPL items included in the image can be found in Debian
-squeeze's source repository. One way to get these sources is to
-download the source 1
-[DVD](http://moonshot-image.s3.amazonaws.com/debian-6.0.0-source-DVD-1.iso)
-*
- [moonshot-20110311.vmdk](http://moonshot-image.s3.amazonaws.com/moonshot-20110311.vmdk)
+# TODO
+* Copy the dictionary.ukerna file from mech_eap to /usr/share/freeradius, and include this file within /usr/share/freeradius/dictionary.
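
Review bot: After these removals the "# Obtaining Images" heading has no content and is followed directly by "# TODO". Drop the heading or replace its body with a line pointing to the [[DVD images|dvd]] page, matching the notice at the top. The removal also deletes the page's only pointer to the sources for the GPL items included in the image; consider keeping that sentence for anyone who still has a copy. The TODO item reads as a packaging task for maintainers, so say who it is for or track it outside the user-facing page.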