Edit $prefix/etc/raddb/users to add your test user and password:
- bob@PROJECT-MOONSHOT.ORG Cleartext-Password := secret
+ bob@PROJECT-MOONSHOT.ORG Cleartext-Password := secret
Add an entry for your acceptor to $prefix/etc/raddb/clients.conf:
not the RADIUS server).
% gss-client -port 5555 -spnego -mech "{1 3 6 1 4 1 5322 22 1 18}" \
- -user <user> -pass <pass> <host> host@<host> "Testing GSS EAP"
+ -user <user>@<realm> -pass <pass> <host> host@<host> \
+ "Testing GSS EAP"
% gss-server -port 5555 -export host@<host>
Note: for SASL you will be prompted for a username and password.
This will store a Kerberos ticket for a GSS-EAP authenticated user
in a credentials cache, which can then be used for re-authentication
to the same acceptor. You must have a valid keytab configured.
+
+In this testing phase of Moonshot, it's also possible to store a
+default identity and credential in a file. The format consists of
+the string representation of the initiator identity and the password,
+separated by newlines. The default location of this file is
+.gss_eap_id in the user's home directory, however the GSSEAP_IDENTITY
+environment variable can be used to set an alternate location.
+
+You can also set a default realm in [appdefaults]; the Kerberos
+default realm is never used by mech_eap (or at least, that is the
+intention), so if unspecified you must always qualify names. It should
+generally not be necessary to specify this.
+