All of the instructions below assume that you have root access, and will work as the root user (either directly or using sudo).
1. System Preparation
1.1. Add the Moonshot libraries and configure the server
If you have not already done so, you first need to follow the instructions on how to install the Moonshot Libraries on RHEL/CentOS/SL.
1.2. Configure SELinux to allow httpd to create network connections
Existing SELinux policies will not allow HTTPD to connect to the RP proxy using RadSec, which prevents Moonshot from working.
To persistently allow such connections, use the following command:
2. Installation Instructions
To use the Apache module, install it:
Ensure that the certificates referenced in /etc/radsec.conf can be read by the Apache user.
Verify that the KeepAlive option is enabled in the Apache configuration file.
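A pre-flight check for the three prerequisites above (the SELinux boolean, certificate readability, and KeepAlive), as an added example that is not part of the original instructions. The boolean name httpd_can_network_connect, the radsec.conf key names cacertfile, certfile and certkeyfile, the Apache user name apache, and the default file paths are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the prerequisites above. Run as root.
# Assumptions: boolean httpd_can_network_connect, radsec.conf keys
# cacertfile/certfile/certkeyfile, Apache user "apache", default file paths.

# Read `getsebool` output ("name --> on") on stdin; succeed if $1 is on.
sebool_is_on() {
    awk -v b="$1" '$1 == b && $3 == "on" { ok = 1 } END { exit !ok }'
}

# Print each certificate or key path set in the radsec.conf-style file $1.
radsec_cert_paths() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*(cacertfile|certfile|certkeyfile)[ \t]*$/ {
            v = $2; gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v
        }' "$1"
}

# Effective KeepAlive value in file $1: the last uncommented directive wins,
# and Apache defaults to On when the directive is absent. Includes are not
# followed.
keepalive_state() {
    awk 'BEGIN { s = "On" }
         tolower($1) == "keepalive" { s = (tolower($2) == "on") ? "On" : "Off" }
         END { print s }' "$1"
}

# Succeed if user $2 can read file $1.
readable_by() { sudo -u "$2" test -r "$1"; }

# usage: preflight [apache-user] [httpd.conf] [radsec.conf]
preflight() {
    user=${1:-apache} conf=${2:-/etc/httpd/conf/httpd.conf} rs=${3:-/etc/radsec.conf}
    rc=0
    getsebool httpd_can_network_connect | sebool_is_on httpd_can_network_connect ||
        { echo "FAIL: SELinux boolean httpd_can_network_connect is off"; rc=1; }
    [ "$(keepalive_state "$conf")" = On ] ||
        { echo "FAIL: KeepAlive is Off in $conf"; rc=1; }
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        readable_by "$f" "$user" || { echo "FAIL: $user cannot read $f"; rc=1; }
    done <<EOF
$(radsec_cert_paths "$rs")
EOF
    return $rc
}
```

After sourcing the file as root, run preflight; it prints one FAIL line per unmet prerequisite and returns non-zero if any check fails.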
3. Configuration Instructions
Shibboleth2 Apache module incompatibility
Please read Section in Apache HTTPD on module incompatibilities.
3.1. Protecting a location with Moonshot
To protect a particular location on your Apache server, you must configure it with an AuthType of Negotiate (CentOS 6) or GSSAPI (CentOS 7).
Here's a sample configuration that can get you started to allow anyone with a valid Moonshot account to access
GSSAPI module, see its homepage at https://github.com/modauthgssapi/mod_auth_gssapi. Additionally, in an effort to provide cross-compatibility, the Negotiate module broadly supports the