Assumptions and Prerequisites
This guide assumes you have a RHEL 7, CentOS 7, or Scientific Linux 7 system (a minimal install will do) and that you have a Moonshot RP Proxy available to connect to.
1. System Preparation
1.1. Turn off SELinux
There are currently no SELinux policies for Moonshot, and SELinux must be run in Permissive mode.
1.2. Network configuration
For production deployments, it is recommended that the machine be assigned a static IP address.
1.3. Firewall configuration
The following ports are required to be accessible to the outside world in the local firewall:
- 2083/tcp (for RadSec connections to other Moonshot entities, including the RP proxy).
1.4. Add the required repositories
Moonshot requires three
yum repositories to be added to the system - EPEL and the Shibboleth repositories (home of some required dependencies), and the Moonshot repository itself.
Install EPEL by running the following command:
Depending on your platform, the
epel-releasepackage is part of one of the optional repositories. On CentOS, it is part of the Extras repository. On RHEL, you must enable both the Optional and Extras repositories. For more information, visit the EPEL homepage.
Install the official Shibboleth repository:
Install the Moonshot repository by creating a new file at
/etc/yum.repos.d/moonshot.repowith the following content:
Install the Moonshot GPG key:
2. Install Moonshot
We are now ready to install the Moonshot software and its required dependencies. Install the software by running the following command:
3. Next Steps
3.1. Configure your Moonshot Libraries to connect to an RP Proxy
The Moonshot GSS-EAP mechanism needs to connect to a local Moonshot RP Proxy (RADIUS server) via RADIUS or RadSec in order to create the first hop between the service and the user's home IdP to allow authentication to happen. See the Configure a Linux Server to Connect to an RP Proxy page for instructions on how to do this.
3.2. Configure your Application/Service to use Moonshot
Finally, you may have to install/configure that application/service as necessary.