Install Moonshot Libraries on Ubuntu 12.04 LTS

Owned by wqx+qmnstigwu5kzxaiskxnikzy@idp.company.ja.net
Last updated: Oct 21, 2015 by Alejandro Perez
2 min read

On this page you will find instructions on how to install the Moonshot libraries on an Ubuntu 12.04 (Precise Pangolin) based system, in order to enable applications/services on that system to perform Moonshot based authentication.

Contents

Assumptions and Prerequisites

This guide assumes you have an up-to-date Ubuntu 12.04 LTS based system (a minimal install will do) and that you have a Moonshot RP Proxy (this could be a Moonshot IdP) available to connect to.

Assumptions & Prerequisites

This guide assumes you have root access to the Linux device. This is required as new software needs to be installed system-wide.

1. System Preparation

First, there are a few Ubuntu configuration options that need to be set in advance.

1.1. Add the Moonshot Repository

  1. Add the Moonshot Debian Wheezy repository to your system. To do this, run the following command (as root, or using sudo):

    $ echo "deb http://repository.project-moonshot.org/debian-moonshot wheezy main" > /etc/apt/sources.list.d/moonshot.list

  2. Install the Moonshot GPG key:

    $ wget -O - http://repository.project-moonshot.org/key.gpg | apt-key add -

  3. Update the apt cache with the new repository information:

    $ apt-get update

1.2. Install updated font-config packages

Ubuntu 12.04 LTS ships with versions of fontconfig-config and libfontconfig that are a little too old for Moonshot. We need to update these packages with newer versions.

  1. Download the following two packages:
    1. fontconfig-config:
      1. (64 or 32 bit) http://launchpadlibrarian.net/113189380/fontconfig-config_2.10.1-0ubuntu3_all.deb
    2. libfontconfig1:
      1. (64 bit) http://fr.archive.ubuntu.com/ubuntu/pool/main/f/fontconfig/libfontconfig1_2.10.1-0ubuntu3_amd64.deb
      2. (32 bit) http://fr.archive.ubuntu.com/ubuntu/pool/main/f/fontconfig/libfontconfig1_2.10.1-0ubuntu3_i386.deb

  2. Install them:

    $ dpkg -i fontconfig-config_2.10.1-0ubuntu3_all.deb libfontconfig1_2.10.1-0ubuntu3_*.deb

1.3. Moonshot GSS Mechanisms

Create a new file at /usr/etc/gss/mech (you will likely need to create the /usr/etc/gss directory) with the following content:

#
# Sample mechanism glue configuration for EAP GSS mechanism. 
#
# Any encryption type supported by Kerberos can be defined as the
# last element of the OID arc.
#
eap-aes128    1.3.6.1.5.5.15.1.1.17    mech_eap.so
eap-aes256    1.3.6.1.5.5.15.1.1.18    mech_eap.so

In the future we hope for this step to be done automatically on installing the software. For now, however, this is a manual step.

2. Install Moonshot

We’re now ready to install the Moonshot software and its required dependencies. Install the software by running the following command:

$ apt-get install moonshot-gss-eap

 

3. Next Steps

3.1. Configure your Moonshot Libraries to connect to an RP Proxy

The Moonshot GSS-EAP mechanism needs to connect to a local Moonshot RP Proxy (RADIUS server) via RADIUS or RadSec in order to create the first hop between the service and the user's home IdP to allow authentication to happen. See the Configure a Linux Server to Connect to an RP Proxy page for instructions on how to do this.

3.2. Configure your Application/Service to use Moonshot

Finally, you may have to install/configure that application/service as necessary.