From b1e96af7779c8682bba5acff72ce48eed63b1fc7 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Mon, 4 Apr 2011 19:51:05 -0400 Subject: [PATCH] more detail --- moonshotapps.mdwn | 43 ++++++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/moonshotapps.mdwn b/moonshotapps.mdwn index 3e8062f..6bdb3e9 100644 --- a/moonshotapps.mdwn +++ b/moonshotapps.mdwn @@ -4,45 +4,42 @@ This page lists applications that have been successfully tested with moonshot. **Cyrus SASL Sample** -*Modified/Unmodified* -* . + +Unmodified. *What does it do* -* . +* Demonstrates minimal SASL functionality and allows exploration of SASL mechanisms. -*Tested clients* - -* . ----- **GSS-Sample** -*Modified/Unmodified* +Unmodified. -* . *What does it do* -* . +* Demonstrates GSS-API mechanisms functioning. +* Displays all attributes (from SAML, Shibboleth) received +* See [[vmdk]] for instructions on how to run -*Tested clients* -* . ----- **Jabberd** -*Modified/Unmodified* +* Unmodified +* Requires enabling cyrus-sasl support in the build -* . *What does it do* -* . +* Jabber server. Provides authentication from moonshot. + *Tested clients* @@ -54,11 +51,11 @@ This page lists applications that have been successfully tested with moonshot. *Modified/Unmodified* -* Unmodified openLDAP, but has to be recomplied with SASL specific build options +* Unmodified openLDAP, but has to be compiled with SASL specific build options; most Linux distributions do this by default *What does it do* -* User can authenticate to openLDAP with their federated id, where their DN is mapped from their SASL id (mapping configured in slapd.conf) +* * User can authenticate to openLDAP with their federated id, where their DN is mapped from their SASL id (mapping configured in slapd.conf) *Tested clients* @@ -70,14 +67,22 @@ This page lists applications that have been successfully tested with moonshot. *Modified/Unmodified* -* . +* See http://www.project-moonshot.org/gitweb/openssh.git look at the master and debian branches. +* No client modifications required. +* See the vm-integration or tlv-mic branches for moonshot code that works with this. The requirement is that mutual_authentication needs to be provided in the established context +* gss_userok is required from the krb5 library +* The [[VM images|vmdk]] have these changes + *What does it do* -* . +* Provides RFC 4462 authentication and key exchange based on moonshot. In other words you can log in with ssh using Moonshot credentials +* If the mechanism returns the local-login-user attribute (typically mapped using Shibboleth from a SAML attribute or RADIUS attribute), then that attribute controls what local accounts are acceptable +* In other words federated authentication and authorization + *Tested clients* -*. +*Openssh ----- -- 2.1.4