Update VM image

diff --git a/vmdk.mdwn b/vmdk.mdwn
index 32e2955..ea205e0 100644 (file)
--- a/vmdk.mdwn
+++ b/vmdk.mdwn
@@ -1,13 +1,18 @@
 [[!meta title="VM images"]]
 [[!toc]]
 
-There is a Moonshot test VM image that contains a complete development environment for Moonshot. In particular it contains:
+There is a Moonshot test VM image that contains a complete development
+environment for Moonshot. In particular it contains:
 
 * compiler, debugger
 * Sources for moonshot, Shibboleth, libradsec and the like
 * All dependencies mentioned [[here|building]]
 * A build of the [MIT Kerberos](http://web.mit.edu/kerberos/) gss-sample applications
+    * Includes patches from the moonshot-mechglue branch for gss_userok support
 * A configured freeradius server
+    * Generates SAML assertions on authentication
+    * Exposes user name for legacy GSS applications
+
 
 
 ## What it works with
@@ -18,10 +23,12 @@ The Image should work with:
 * Virtualbox (tested)
 * qemu (tested)
 * Vmware
+## Configuration of the VM
 
-To use VirtualBox on a Mac, you will need to modify the virtual hardware configuration to add a serial port, though it can be disabled.
+The VM is distributed as a disk image.
+You will need to create a virtual machine in your VM software of choice. Unless you're using Xen in paravirtualized mode, you will need to attach a first serial port to the virtual machine. This serial port may be disabled. The image requires at least 512m of memory. 
 
-If that causes eth0 to turn into eth1, do the following and reboot.
+If the image has no eth0 but has an eth1, do the following and reboot.
 
 $ sudo rm /etc/udev/rules.d/70-persistent-net.rules
 
@@ -43,7 +50,19 @@ There is one account; user moonshot with password moonshot.
  *        cd krb5-1.9/src/appl/gss-sample
 *         ./gss-server  host@moonshot-test.project-moonshot.org &
 *         ./gss-client  -mech "{1 3 6 1 4 1 5322 22 1 18}" 
-              -user steve@local -pass testing  127.0.0.1 host@localhost  bar                                    
+              -user steve@local -pass testing  127.0.0.1 host@localhost  bar                     
+For a perhaps more interesting test try: <code>ssh moonshot@127.0.0.1</code>
+               
+# Security
+
+Note that this VM image is not appropriate for an open network. In particular:
+
+* There is a well known ssh host key compiled into the image; this is done because it makes it easier for your to test Moonshot ssh, but is not appropriate for a secure system
+* There are well-known passwords
+* The test account steve@local is permitted to log into the moonshot account with a trivial password
+* A known Kerberos key could potentially be used for ssh access
+
+This is about exploring software not about secure deployments.
 
 # Obtaining Images
 
@@ -53,7 +72,7 @@ download the source 1
 [DVD](http://moonshot-image.s3.amazonaws.com/debian-6.0.0-source-DVD-1.iso)
 
 *
-  [moonshot-20110311.vmdk](http://moonshot-image.s3.amazonaws.com/moonshot-20110311.vmdk)
+  [moonshot-test-20110404.vmdk](http://moonshot-image.s3.amazonaws.com/moonshot-test-20110404.vmdk)
 
 # TODO