Install the Moonshot Client for macOS
The Moonshot Client for macOS is the macOS implementation of the Moonshot Identity Manager and the Moonshot mechanism in one package. When installed, it allows many macOS applications to make use of Moonshot for authentication with few, or no, modifications.
There is only one version of the macOS client that is compatible with the currently supported macOS platforms.
Known Issues
- The Moonshot Identity Manager (Moonshot.app) is currently not signed with Apple production certificates. This is by design to allow the application to operate outside the macOS sandbox.
1. System Preparation
1.1. Get the macOS Client
Download the macOS client here:
2. Install the macOS Client
Once you have the macOS client, installation is simply a matter of opening the downloaded DMG archive, and double-clicking the installer to launch it.
You will be launched into the install wizard for the Moonshot macOS Client:
Before the macOS Client installation proceeds, you will be warned that the software requires a reboot before it is functional.
If necessary, you will be prompted to enter a password for a user that has privileges to install software on this computer. It may be your own username.
3. Identity Selection
Users will use the Moonshot Identity Manager to select identities when prompted.
You can also read the Moonshot Identity Manager guide.
4. Next Steps
You now have all of the necessary Moonshot GSS-EAP libraries and configuration for the application/service on your machine to use Moonshot. The next step is to install/configure that application/service as necessary.
5. Issues
Newer versions of macOS feature the so-called App Sandbox, which Apple uses to try to make macOS more secure against system breaches. The side effect is that all Unix applications resident in /usr/bin, notably OpenSSH Client and curl, will not load the Moonshot GSS-EAP mechanism when resident there. To 'derestrict' the application, use the sudo command to copy the application from /usr/bin to /usr/local/bin (creating that directory where necessary), and adjust the /etc/paths file to load applications from /usr/local/bin first.
Starting from "Big Sur", besides moving the binary you also need to remove the signature, since signed binaries are sandboxed as well. Use codesign --remove-signature /usr/local/bin/ssh to do so.
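The steps above as a script, added here as an example; it is not part of the Moonshot project's documentation or tooling. The ROOT variable and the function names are assumptions introduced for illustration (ROOT lets the file steps be rehearsed in a scratch directory), and the version test assumes "Big Sur" reports major version 11.

```shell
#!/bin/sh
# Added example: the "derestrict" steps above as a script.
# ROOT is a hypothetical override (not from the page) so the file steps can be
# rehearsed in a scratch directory; leave it empty on a real system.
ROOT="${ROOT:-}"

# Print the contents of a paths file with /usr/local/bin moved to the first line.
paths_local_first() {
    printf '%s\n' /usr/local/bin
    grep -v -x -e /usr/local/bin -e '' "$1" || true
}

# Succeed only if /usr/local/bin is listed before /usr/bin in the paths file.
paths_order_ok() {
    awk '$0 == "/usr/local/bin" { print "ok"; exit }
         $0 == "/usr/bin"       { print "no"; exit }' "$1" | grep -q -x ok
}

# Copy one tool (e.g. ssh, curl) out of /usr/bin and fix the search order.
derestrict() {
    tool=$1
    src="$ROOT/usr/bin/$tool"
    dst="$ROOT/usr/local/bin/$tool"
    paths="$ROOT/etc/paths"
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    mkdir -p "$ROOT/usr/local/bin"
    cp -p "$src" "$dst"
    if ! paths_order_ok "$paths"; then
        cp -p "$paths" "$paths.bak"          # keep the original ordering
        paths_local_first "$paths.bak" > "$paths"
    fi
    # Big Sur (assumed major version 11) and later: strip the signature too.
    if command -v sw_vers >/dev/null 2>&1 &&
       [ "$(sw_vers -productVersion | cut -d. -f1)" -ge 11 ]; then
        codesign --remove-signature "$dst"
    fi
}

# Usage on the Mac (run with sudo, as on the page): sudo sh derestrict.sh ssh
if [ "$#" -gt 0 ]; then
    derestrict "$1"
fi
```

The copy in /usr/local/bin is a snapshot, so macOS updates to the original in /usr/bin do not reach it; re-run the script after system updates.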