Page tree
Skip to end of metadata
Go to start of metadata

On this page you will find instructions on how to install the Moonshot libraries on a RHEL, CentOS, or Scientific Linux system, in order to enable applications/services on that system to perform Moonshot-based authentication.

Contents

Assumptions and Prerequisites

This guide assumes you have a RHEL, CentOS, or Scientific Linux system (a minimal install will do) and that you have a Moonshot RP Proxy available to connect to.

1. System Preparation

1.1. Network configuration

For production deployments, it is recommended that the machine be assigned a static IP address.

For CentOS networking information please refer to the official Red Hat guide:

CentOS 6
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/part-networking
CentOS 7
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/index

1.2. Firewall configuration

The following ports are required to be accessible to the outside world in the local firewall:

  • 2083/tcp (for RadSec connections to other Moonshot entities, including the RP proxy).

1.3. Add the Required Repositories

Supported versions

At the moment, CentOS/RHEL/SL 6, 8, and 8 are supported.

Moonshot requires three yum repositories to be added to the system - EPEL and the Shibboleth repositories (home of some required dependencies), and the Moonshot repository itself.

  1. Install EPEL by running the following command:

    yum install epel-release

    Depending on your platform, the epel-release package is part of one of the optional repositories.

    On CentOS, it is part of the Extras repository. On RHEL, you must enable both the Optional and Extras repositories. For more information, visit the EPEL homepage.

    On newer releases of Scientific Linux 7, the epel-release package does not exist. Use yum install yum-conf-epel instead. For more information, see the Scientific Linux 7.2 release notes.

  2. Install the Moonshot repository information running one of the the following commands depending on your CentOS version:

    CentOS 6
    yum install -y https://repository.project-moonshot.org/rpms/moonshot-repository.centos6.rpm
    CentOS 7
    yum install -y https://repository.project-moonshot.org/rpms/moonshot-repository.centos7.rpm
    CentOS 8
    yum install -y https://repository.project-moonshot.org/rpms/moonshot-repository.centos8.rpm
  3. This installs the Yum repository, the current Moonshot GPG key, and a package that can update both. This is the preferred method of deploying repository information.

    Verifying the Moonshot GPG key

    If you wish to verify the Moonshot GPG key's validity and integrity, please see the Packaging GPG Key for further details.

  4. Install the official Shibboleth repository using one of the following commands, according to your CentOS version:. 

    CentOS 6
    curl -o /etc/yum.repos.d/shibboleth.repo http://download.opensuse.org/repositories/security:/shibboleth/CentOS_CentOS-6/security:shibboleth.repo
    CentOS 7
    curl -o /etc/yum.repos.d/shibboleth.repo http://download.opensuse.org/repositories/security://shibboleth/CentOS_7/security:shibboleth.repo
    CentOS 8
    curl -o /etc/yum.repos.d/shibboleth.repo http://download.opensuse.org/repositories/security://shibboleth/CentOS_8/security:shibboleth.repo





2. Install Moonshot

We are now ready to install the Moonshot software and its required dependencies. Install the software by running the following command:

yum install moonshot

3. Next Steps

3.1. Configure your Moonshot Libraries to connect to an RP Proxy

The Moonshot GSS-EAP mechanism needs to connect to a local Moonshot RP Proxy (RADIUS server) via RADIUS or RadSec in order to create the first hop between the service and the user's home IdP to allow authentication to happen. See the Configure a Linux Server to Connect to an RP Proxy page for instructions on how to do this.

3.2. Configure your Application/Service to use Moonshot

Finally, you may have to install/configure that application/service as necessary.