X-Git-Url: http://www.project-moonshot.org/gitweb/?p=devwiki.git;a=blobdiff_plain;f=vmdk.mdwn;h=549a99c5e74a6e276db610d4fe1491c57fca0295;hp=1137a88b1540098f037b733a9ba7696986ec6c57;hb=HEAD;hpb=b0cf17024a72b221024a2f8fee8cc10444cf4631 diff --git a/vmdk.mdwn b/vmdk.mdwn index 1137a88..549a99c 100644 --- a/vmdk.mdwn +++ b/vmdk.mdwn @@ -1,17 +1,21 @@ -[[!meta title="VM images"]] -[[!toc]] +[[!meta title="VM images"]] Moonshot VM images are no longer +available. See the [[DVD images|dvd]] for a live system image that can +run under virtualization. This page contains information on the final +VM image released shortly after the second Moonshot meeting. + -There is a Moonshot test VM image that contains a complete development environment for Moonshot. In particular it contains: +[[!toc]] * compiler, debugger * Sources for moonshot, Shibboleth, libradsec and the like * All dependencies mentioned [[here|building]] * A build of the [MIT Kerberos](http://web.mit.edu/kerberos/) gss-sample applications + * Includes patches from the moonshot-mechglue branch for gss_userok support * A configured freeradius server + * Generates SAML assertions on authentication + * Exposes user name for legacy GSS applications + -The image is based off Debian squeeze Until a reasonable mechanism to -distribute Debian source media to comply with the GPL is made, contact -Sam Hartman for a copy of the image. It is around 1.7G in size. ## What it works with 
@@ -21,14 +25,20 @@ The Image should work with: * Virtualbox (tested) * qemu (tested) * Vmware +## Configuration of the VM + +The VM is distributed as a disk image. +You will need to create a virtual machine in your VM software of choice. Unless you're using Xen in paravirtualized mode, you will need to attach a first serial port to the virtual machine. This serial port may be disabled. The image requires at least 512m of memory. + +If the image has no eth0 but has an eth1, do the following and reboot. + +$ sudo rm /etc/udev/rules.d/70-persistent-net.rules The image expects: * PAE to be enabled * An ioapic to be enabled - - ## Consoles Consoles are available on hvc0 (virt_ops console for xen), ttyS0 (serial console) and on the monitor and keyboard. 
@@ -40,6 +50,25 @@ There is one account; user moonshot with password moonshot. ## testing Moonshot * cd krb5-1.9/src/appl/gss-sample -* ./gss-server host@moonshot-test.project-moonshot.org -* ./gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" \ - -user steve@local -pass testing 127.0.0.1 host@localhost bar +* ./gss-server host@moonshot-test.project-moonshot.org & +* ./gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" + -user steve@local -pass testing 127.0.0.1 host@localhost bar +For a perhaps more interesting test try: ssh moonshot@127.0.0.1 + +# Security + +Note that this VM image is not appropriate for an open network. In particular: + +* There is a well known ssh host key compiled into the image; this is done because it makes it easier for your to test Moonshot ssh, but is not appropriate for a secure system +* There are well-known passwords +* The test account steve@local is permitted to log into the moonshot account with a trivial password +* A known Kerberos key could potentially be used for ssh access + +This is about exploring software not about secure deployments. + +# Obtaining Images + + +# TODO + +* Copy the dictionary.ukerna file from mech_eap to /usr/share/freeradius, and include this file within /usr/share/freeradius/dictionary.
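
Review bot: In the first hunk (@@ -1,17 +1,21 @@) the removed paragraph carried the image's base system (Debian squeeze) and size (around 1.7G), and the new intro still says the page documents the final VM image, so those two facts should stay. Suggest keeping "The image is based off Debian squeeze" and the size sentence, reworded in the past tense, and dropping only the "contact Sam Hartman for a copy of the image" instruction, which is the part the "no longer available" notice supersedes.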
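
Review bot: In the second hunk (@@ -21,14 +25,20 @@) the added line "$ sudo rm /etc/udev/rules.d/70-persistent-net.rules" is plain paragraph text with a shell prompt in front, and nothing says why deleting the file helps. Suggest indenting it as a code block without the "$" and adding a sentence that this file ties interface names to previously seen MAC addresses, so a VM created with a different MAC gets eth1 until the file is regenerated at the next boot. In the same hunk, "This serial port may be disabled" reads ambiguously next to "you will need to attach a first serial port"; say whether the port must exist but can be left unconnected. "512m" would be clearer as "512 MB".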
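
Review bot: In the third hunk (@@ -40,6 +50,25 @@) the new Security section lists what is exposed (a well-known ssh host key, well-known passwords, steve@local mapped to the moonshot account, a known Kerberos key) but stops at "not appropriate for an open network" without telling a tester what to do about it. Suggest adding one line of guidance, for example to keep the VM on a host-only or NAT network, and to replace the host key and passwords if the image is ever used for anything beyond testing. Also in this hunk: "easier for your to test" should be "easier for you to test"; the "# Obtaining Images" heading is empty and conflicts with the first hunk's statement that the images are no longer available, so either drop it or point it at [[DVD images|dvd]]; and the new "#" headings are one level above the "##" headings used by the rest of the page.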