Install Moonshot Libraries on Ubuntu 14.04 LTS
- wqx+qmnstigwu5kzxaiskxnikzy@idp.company.ja.net
- Alejandro Perez
- Stefan Paetow
On this page you will find instructions on how to install the Moonshot libraries on an Ubuntu 14.04 (Trusty Tahr) based system, in order to enable applications/services on that system to perform Moonshot based authentication.
Contents
Assumptions and Prerequisites
This guide assumes you have an up-to-date Ubuntu 14.04 LTS based system (a minimal install will do) and that you have a Moonshot RP Proxy (this could be a Moonshot IdP) available to connect to.
Assumptions & Prerequisites
This guide assumes you have root access to the Linux device. This is required as new software needs to be installed system-wide.
Ubuntu 14.04 LTS (Trusty Tahr) is not currently an "officially" supported platform, and Moonshot packages for Trusty are not yet available. However, using a mixture of Moonshot packages from Debian 7 and Moonshot daily packages for Ubuntu 13.04 (Raring Ringtail) Trusty can be made to support Moonshot until such a time as official Trusty packages are available.
1. System Preparation
First, there are a few Ubuntu configuration options that need to be set in advance.
1.1. Add the Moonshot Repository
Add the Moonshot Debian Wheezy repository to your system. To do this, run the following command (as root, or using sudo):
$ echo "deb http://repository.project-moonshot.org/debian-moonshot wheezy main" > /etc/apt/sources.list.d/moonshot.list
Install the Moonshot GPG key:
$ wget -O - http://repository.project-moonshot.org/key.gpg | apt-key add -
Add the Moonshot Daily PPA Raring repository to your system. To do this, run the following command (as root, or using sudo):
$ echo "deb http://ppa.launchpad.net/moonshot/daily/ubuntu raring main" > /etc/apt/sources.list.d/moonshot-daily.list
Install the Moonshot daily key:
$ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B18F7887
Update the apt cache with the new repository information:
$ apt-get update
1.2. Configure APT
Since we've added the Debian and Ubuntu Moonshot repositories, we must tell apt that the Ubuntu repository has precedence.
Create a file called
/etc/apt/preferences.d/moonshot, with the following content:Package: * Pin: release o=LP-PPA-moonshot-daily Pin-Priority: 1200
1.3. Install Older Packages
Ubuntu 14.04 LTS ships with some some versions of packages that are too new to work with the Ubuntu 13.04 packages that we're temporarily using on 14.04 LTS. So, we need to install the older versions alongside the newer.
- Download the following two packages:
- lib-xml-security-c16:
- libxerces-c3.1:
Install them:
$ dpkg -i libxml-security-c16_1.6.1-7~build0.13.04.1_*.deb libxerces-c3.1_3.1.1-3_*.deb
You will receive several errors about dependencies. Install the dependencies:
$ apt-get install -f
1.4. Moonshot GSS Mechanisms
Create a new file at /usr/etc/gss/mech (you will likely need to create the /usr/etc/gss directory) with the following content:
# # Sample mechanism glue configuration for EAP GSS mechanism. # # Any encryption type supported by Kerberos can be defined as the # last element of the OID arc. # eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so
In the future we hope for this step to be done automatically on installing the software. For now, however, this is a manual step.
2. Install Moonshot
We’re now ready to install the Moonshot software and its required dependencies. Install the software by running the following command:
$ apt-get install moonshot-gss-eap
3. Next Steps
3.1. Configure your Moonshot Libraries to connect to an RP Proxy
The Moonshot GSS-EAP mechanism needs to connect to a local Moonshot RP Proxy (RADIUS server) via RADIUS or RadSec in order to create the first hop between the service and the user's home IdP to allow authentication to happen. See the Configure a Linux Server to Connect to an RP Proxy page for instructions on how to do this.
3.2. Configure your Application/Service to use Moonshot
Finally, you may have to install/configure that application/service as necessary.