From: Sam Hartman Date: Mon, 4 Apr 2011 21:10:09 +0000 (-0400) Subject: Update VM image X-Git-Url: http://www.project-moonshot.org/gitweb/?p=devwiki.git;a=commitdiff_plain;h=101922a0160122de9ff48e7e5d3de8bcc7cc9665 Update VM image --- diff --git a/vmdk.mdwn b/vmdk.mdwn index 32e2955..ea205e0 100644 --- a/vmdk.mdwn +++ b/vmdk.mdwn @@ -1,13 +1,18 @@ [[!meta title="VM images"]] [[!toc]] -There is a Moonshot test VM image that contains a complete development environment for Moonshot. In particular it contains: +There is a Moonshot test VM image that contains a complete development +environment for Moonshot. In particular it contains: * compiler, debugger * Sources for moonshot, Shibboleth, libradsec and the like * All dependencies mentioned [[here|building]] * A build of the [MIT Kerberos](http://web.mit.edu/kerberos/) gss-sample applications + * Includes patches from the moonshot-mechglue branch for gss_userok support * A configured freeradius server + * Generates SAML assertions on authentication + * Exposes user name for legacy GSS applications + ## What it works with @@ -18,10 +23,12 @@ The Image should work with: * Virtualbox (tested) * qemu (tested) * Vmware +## Configuration of the VM -To use VirtualBox on a Mac, you will need to modify the virtual hardware configuration to add a serial port, though it can be disabled. +The VM is distributed as a disk image. +You will need to create a virtual machine in your VM software of choice. Unless you're using Xen in paravirtualized mode, you will need to attach a first serial port to the virtual machine. This serial port may be disabled. The image requires at least 512m of memory. -If that causes eth0 to turn into eth1, do the following and reboot. +If the image has no eth0 but has an eth1, do the following and reboot. $ sudo rm /etc/udev/rules.d/70-persistent-net.rules 
@@ -43,7 +50,19 @@ There is one account; user moonshot with password moonshot. * cd krb5-1.9/src/appl/gss-sample * ./gss-server host@moonshot-test.project-moonshot.org & * ./gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" - -user steve@local -pass testing 127.0.0.1 host@localhost bar + -user steve@local -pass testing 127.0.0.1 host@localhost bar +For a perhaps more interesting test try: ssh moonshot@127.0.0.1 + +# Security + +Note that this VM image is not appropriate for an open network. In particular: + +* There is a well known ssh host key compiled into the image; this is done because it makes it easier for your to test Moonshot ssh, but is not appropriate for a secure system +* There are well-known passwords +* The test account steve@local is permitted to log into the moonshot account with a trivial password +* A known Kerberos key could potentially be used for ssh access + +This is about exploring software not about secure deployments. # Obtaining Images @@ -53,7 +72,7 @@ download the source 1 [DVD](http://moonshot-image.s3.amazonaws.com/debian-6.0.0-source-DVD-1.iso) * - [moonshot-20110311.vmdk](http://moonshot-image.s3.amazonaws.com/moonshot-20110311.vmdk) + [moonshot-test-20110404.vmdk](http://moonshot-image.s3.amazonaws.com/moonshot-test-20110404.vmdk) # TODO
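Review bot: in the "Configuration of the VM" hunk (@@ -18,10 +23,12 @@), "The image requires at least 512m of memory" leaves the unit ambiguous; write "512 MB of memory" so it matches what VM software asks for. The serial port sentence also states a requirement without a reason. A short clause on why the image needs a first serial port, even a disabled one, would help readers on hypervisors other than the ones listed as tested.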
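Review bot: the new "# Security" section (@@ -43,7 +50,19 @@) lists the well-known ssh host key, the well-known passwords, the steve@local login and the known Kerberos key, but gives the reader no step to take beyond "not appropriate for an open network". Consider adding one sentence on how to run the image safely, for example attaching the VM only to a host-only or NAT network. It would also help to say which Kerberos key the last bullet means. Two smaller points in the same hunk: "easier for your to test" should read "easier for you to test", and the added "ssh moonshot@127.0.0.1" would read better indented as a command like the gss-sample lines above it, rather than inline after "try:".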
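Review bot: in the "Obtaining Images" hunk (@@ -53,7 +72,7 @@), the replaced link to moonshot-test-20110404.vmdk is plain http with no checksum beside it, so a reader cannot confirm that the download is the image you published. Consider listing a SHA-256 digest next to the link. Since the file name changes from the moonshot- prefix to moonshot-test-, a word on whether the earlier moonshot-20110311.vmdk is superseded would also save readers from guessing.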