This page lists applications that have been successfully tested with moonshot. ----- **Cyrus SASL Sample** Unmodified. *What does it do* * Demonstrates minimal SASL functionality and allows exploration of SASL mechanisms. ----- **GSS-Sample** Unmodified. *What does it do* * Demonstrates GSS-API mechanisms functioning. * Displays all attributes (from SAML, Shibboleth) received * See [[vmdk]] for instructions on how to run ----- **Jabberd** * Unmodified * Requires enabling cyrus-sasl support in the build *What does it do* * Jabber server. Provides authentication from moonshot. *Tested clients* * Adium (unmodified) - successfully connected to a moonshot jabberd server ----- **openLDAP Server** *Modified/Unmodified* * Unmodified openLDAP, but has to be compiled with SASL specific build options; most Linux distributions do this by default *What does it do* * * User can authenticate to openLDAP with their federated id, where their DN is mapped from their SASL id (mapping configured in slapd.conf) *Tested clients* * ldapwhoami - succesfully bound to openLDAP server with mapped DN returned. ----- **OpenSSH** *Modified/Unmodified* * See http://www.project-moonshot.org/gitweb/openssh.git look at the master and debian branches. * No client modifications required. * See the vm-integration or tlv-mic branches for moonshot code that works with this. The requirement is that mutual_authentication needs to be provided in the established context * gss_userok is required from the krb5 library * The [[VM images|vmdk]] have these changes *What does it do* * Provides RFC 4462 authentication and key exchange based on moonshot. In other words you can log in with ssh using Moonshot credentials * If the mechanism returns the local-login-user attribute (typically mapped using Shibboleth from a SAML attribute or RADIUS attribute), then that attribute controls what local accounts are acceptable * In other words federated authentication and authorization *Tested clients* *Openssh -----