This page lists applications that have been successfully tested with moonshot. ----- **Cyrus SASL Sample** Unmodified. *What does it do* * Demonstrates minimal SASL functionality and allows exploration of SASL mechanisms. ----- **GSS-Sample** Unmodified. *What does it do* * Demonstrates GSS-API mechanisms functioning. * Displays all attributes (from SAML, Shibboleth) received * See [[vmdk]] for instructions on how to run ----- **Jabberd** * Unmodified * Requires enabling cyrus-sasl support in the build *What does it do* * Jabber server. Provides authentication from moonshot. *Tested clients* * Adium (unmodified) - successfully connected to a moonshot jabberd server ----- **openLDAP Server** *Modified/Unmodified* * Unmodified openLDAP, but has to be compiled with SASL specific build options; most Linux distributions do this by default *What does it do* * * User can authenticate to openLDAP with their federated id, where their DN is mapped from their SASL id (mapping configured in slapd.conf) *Tested clients* * ldapwhoami - succesfully bound to openLDAP server with mapped DN returned. ----- **OpenSSH** *Modified/Unmodified* * See http://www.project-moonshot.org/gitweb/openssh.git look at the master and debian branches. * No client modifications required. * See the vm-integration or tlv-mic branches for moonshot code that works with this. The requirement is that mutual_authentication needs to be provided in the established context * gss_userok is required from the krb5 library * The [[VM images|vmdk]] have these changes *What does it do* * Provides RFC 4462 authentication and key exchange based on moonshot. In other words you can log in with ssh using Moonshot credentials * If the mechanism returns the local-login-user attribute (typically mapped using Shibboleth from a SAML attribute or RADIUS attribute), then that attribute controls what local accounts are acceptable * In other words federated authentication and authorization *Tested clients* *Openssh ----- **MyProxy** [MyProxy](http://grid.ncsa.illinois.edu/myproxy/) is a service issuing X.509 certificates. In the certification authority mode it signs certificates on demand for authenticated users. It uses SASL for authentication, which makes it possible to use GS2. MyProxy is widely used in the Grid computing. Modified (patch submitted) For more information on build and usage see the [[myproxy section|testing/myproxy]]. *What does it do* * Issues X.509 credentials to users authenticated with their federated identities. ----- **NFSv4** *Modified* More information can be found at the [[NFSv4 section|testing/nfsv4]].