Project Moonshot is a Janet-led initiative, in partnership with the GÉANT project and others, to develop a single unifying technology for extending the benefits of federated identity to a broad range of non-Web services, including Cloud infrastructures, High Performance Computing & Grid infrastructures and other commonly deployed services including mail, file store, remote access and instant messaging.

The goal of the technology is to enable the management of access to a broad range of services and applications, using a single technology and infrastructure. This is expected to significantly improve the delivery of these services by providing users with a common single sign-on, for both internal and external services. Service providers will be able to more easily offer their services to users from other organisations using a single common authentication mechanism. This will enhance the user's experience, and reduce costs for those organisations supporting users, and delivering services to them.

This group is for the community of Moonshot users, whether you're new to the technology, you're currently evaluating and getting to grips with it, or you've deployed it. For the list of guidance available about Moonshot within this group, see the Start Here wiki page.

Jisc Assent, the production service underpinned by the Moonshot technology, went live on 25th March 2015. For information on, or to join the Jisc Assent service, please visit http://www.jisc.ac.uk/assent

Moonshot DVD image and code update

6 September 2013 at 5:06pm

*** Note: the current release is Moonshot Pilot Release 1 DVD. See  https://community.ja.net/groups/moonshot/article/moonshot-pilot-release-... for more details ***

After much hard work by the folks at Painless Security to update the Moonshot software, we now have a new Moonshot DVD image available. It is labeled an alpha because we'll be releasing one or two newer updates as we ramp up towards our service pilot.

The live DVD is available at

http://psec.s3.amazonaws.com/moonshot-images/2012.11.11.iso

Source for the DVD is available at

http://psec.s3.amazonaws.com/moonshot-images/2012.11.11.source/source.debian.tar and http://psec.s3.amazonaws.com/moonshot-images/2012.11.11.source/source.debian-live.tar.bz2

Note that those source tar archives are intended to meet our GPL obligations, because we're distributing a Linux-based system. While they do contain a snapshot of the Moonshot source, the best way to get the Moonshot code is from the Git repository:

http://www.project-moonshot.org/gitweb/

To check out the Moonshot repository on your own system, execute:

git clone http://www.project-moonshot.org/git/moonshot.git
cd moonshot
git submodule init
git submodule update

Release Notes

This version of the DVD represents an incompatible change with previous releases of Moonshot software. Moonshot's GSS-API mechanisms are identified by an object identifier. As part of the transition from our development releases to a version that conforms to the approved IETF standard for GSS-EAP, the object identifier changed. This DVD release is our first release using the new object identifier, and we believe that this version is compatible with the approved standard.

We believe it is possible to operate a server that works with old pre-releases as well as standard-conforming versions. It's a bit tricky, but if you need to do so, please email moonshot-community@jiscmail.ac.uk and we will work with you.

Naming

This version of the Moonshot software verifies that the server and client have a compatible idea of the server's name. This tends to show up as failures in one of the common test cases. For example, if you configure a moonshot user with authorisation for steve@local to log in as moonshot and run:

ssh moonshot@localhost

The test is likely to fail with the new DVD. That's because sshd doesn't think its name is localhost. Typically sshd will think its name is host@hostname, where hostname is the result of the hostname command. sshd has a GSSAPIStrictAcceptorCheck configuration variable. If that is set to no, then sshd should accept any GSSAPI name. However, the Moonshot software is rather aggressive about trying to figure out what to call the acceptor, and defeats this configuration option. We expect to be releasing an update for this in the near future.
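A quick way to predict this failure before running the ssh test, as an added example that is not part of the original release notes or the Moonshot code. The function names, the sample configuration and the sample host name are constructed for illustration, and the script assumes the ssh client requests the name host@ followed by the host part of the target.

```shell
#!/bin/sh
# Added example: predict the acceptor-name mismatch described in the release notes.

# Print the effective GSSAPIStrictAcceptorCheck value for sshd_config text on stdin.
# sshd keywords are case-insensitive, the first occurrence wins, and the default is "yes".
# Simplification: only the whitespace-separated "Keyword value" form is parsed.
strict_acceptor_check() {
    awk 'tolower($1) == "gssapistrictacceptorcheck" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }'
}

# $1 = host part of the ssh target, $2 = output of `hostname` on the server,
# $3 = value printed by strict_acceptor_check. Returns 0 on match, 1 on mismatch.
check_acceptor_name() {
    # Assumption: the client requests host@<target>; host names compare case-insensitively.
    wanted="host@$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
    actual="host@$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
    if [ "$wanted" = "$actual" ]; then
        echo "match: client and sshd agree on $actual"
        return 0
    fi
    if [ "$3" = "no" ]; then
        echo "mismatch: client=$wanted sshd=$actual; strict check is off, but this release still enforces the name"
    else
        echo "mismatch: client=$wanted sshd=$actual; strict acceptor check rejects it"
    fi
    return 1
}

# Constructed sample input (not taken from a real system).
SAMPLE_CONFIG='# constructed sshd_config fragment
GSSAPIAuthentication yes
GSSAPIStrictAcceptorCheck no'
SAMPLE_HOSTNAME='moonshot-dvd'

strict=$(printf '%s\n' "$SAMPLE_CONFIG" | strict_acceptor_check)
check_acceptor_name localhost "$SAMPLE_HOSTNAME" "$strict" || true   # the failing test case
check_acceptor_name moonshot-dvd "$SAMPLE_HOSTNAME" "$strict"        # use the real host name

# On a live system:
#   check_acceptor_name localhost "$(hostname)" "$(strict_acceptor_check < /etc/ssh/sshd_config)"
```

If the check reports a mismatch, connecting to the name printed by hostname instead of localhost avoids the failure described above.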

Installation

The Live DVD image supports installing the live system onto a hard disk. Unfortunately, there's a bug in this support. This bug is in the operating system, not the Moonshot code. Many empty directories under /var are not created so we recommend creating at least the following:

/var/tmp

/var/log

/var/log/freeradius

See http://bugs.debian.org/673328 for details.

*** Note: the current release, Moonshot Pilot Release 1 DVD, does not have this bug and so does not require this workaround. See https://community.ja.net/groups/moonshot/article/moonshot-pilot-release-... for more details ***