Skip to end of metadata
Go to start of metadata

Moonshot GSS is currently available only on a self-build basis on macOS El Capitan (10.12) or later.

We are currently working hard to deliver a complete client package that includes a macOS-native ID Selector with Keychain integration and complete (un-)installation support.

We do not support macOS as a server OS.

Contents

1. Key

In the tables below, the following icons have the following meanings:

  • (tick) - Moonshot is available for this version of macOS through an installer package and has been tested and verified as working.
  • (warning) - Moonshot has unofficially been tested on this version of macOS, but an installer package does not exist for it.
  • (error) - Moonshot is not available for this version of macOS, or is known not to work (at least, not without a large amount of custom work).
  • (question) - Moonshot has not been tested on this version of macOS yet. Let us know if you have tried it!

2. Compatibility

The information in this section is subject to our software support policy.

VersionSupported?Notes
macOS 10.13 High Sierra(warning)We intend to fully support macOS 10.13 in mid- to late 2018. Self-build instructions are here.
macOS 10.12 Sierra(warning)We intend to fully support macOS 10.12 in mid- to late 2018. Self-build instructions are here.
Mac OS X 10.11 El Capitan(warning)

We intend to fully support Mac OS X 10.11 in mid- to late 2018. Self-build instructions are here.

Mac OS X 10.10 Yosemite or earlier(error)We have tested the basic mechanism on Mac OS X 10.10, but we do not support this version of OS X or earlier.

3. Configuration

3.1. Setting the default path

The newer versions of macOS use sandboxing. This means that most Unix binaries in /usr/bin will not load external GSSAPI mechanisms other than the approved Apple versions inside the sandbox.

To resolve this, as the super user, copy the binary in question to /usr/local/bin which is outside the designated sandbox, then adjust the /etc/paths file to refer to /usr/local/bin first. That way the non-sandboxed version of the binary will be found and loaded first.

3.2. Credential file

macOS support currently uses the .gss_eap_id file in your home directory.

  1. Create a .gss_eap_id file in your user's home directory:

    username@moonshot.realm
    password

    Sample Camford .gss_eap_id

    This file shows a sample .gss_eap_id file used with a Camford credential

    testuser@camford.ac.uk
    testpassword
  • No labels