[[!meta title="VM images"]] Moonshot VM images are no longer available. See the [[DVD images|dvd]] for a live system image that can run under virtualization. This page contains information on the final VM image released shortly after the second Moonshot meeting. [[!toc]] * compiler, debugger * Sources for moonshot, Shibboleth, libradsec and the like * All dependencies mentioned [[here|building]] * A build of the [MIT Kerberos](http://web.mit.edu/kerberos/) gss-sample applications * Includes patches from the moonshot-mechglue branch for gss_userok support * A configured freeradius server * Generates SAML assertions on authentication * Exposes user name for legacy GSS applications ## What it works with The Image should work with: * xen (tested) * Virtualbox (tested) * qemu (tested) * Vmware ## Configuration of the VM The VM is distributed as a disk image. You will need to create a virtual machine in your VM software of choice. Unless you're using Xen in paravirtualized mode, you will need to attach a first serial port to the virtual machine. This serial port may be disabled. The image requires at least 512m of memory. If the image has no eth0 but has an eth1, do the following and reboot. $ sudo rm /etc/udev/rules.d/70-persistent-net.rules The image expects: * PAE to be enabled * An ioapic to be enabled ## Consoles Consoles are available on hvc0 (virt_ops console for xen), ttyS0 (serial console) and on the monitor and keyboard. ## Logging in There is one account; user moonshot with password moonshot. ## testing Moonshot * cd krb5-1.9/src/appl/gss-sample * ./gss-server host@moonshot-test.project-moonshot.org & * ./gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" -user steve@local -pass testing 127.0.0.1 host@localhost bar For a perhaps more interesting test try: ssh moonshot@127.0.0.1 # Security Note that this VM image is not appropriate for an open network. In particular: * There is a well known ssh host key compiled into the image; this is done because it makes it easier for your to test Moonshot ssh, but is not appropriate for a secure system * There are well-known passwords * The test account steve@local is permitted to log into the moonshot account with a trivial password * A known Kerberos key could potentially be used for ssh access This is about exploring software not about secure deployments. # Obtaining Images # TODO * Copy the dictionary.ukerna file from mech_eap to /usr/share/freeradius, and include this file within /usr/share/freeradius/dictionary.