# Preparing to use Moonshot
+This set of instructions assumes you are using system Kerberos libraries; some things will be relative to the installation prefix of Kerberos if you are using Kerberos built from source.
+
+
First, look at the mech file in the mech_eap directory of the source tree. Copy this file to /etc/gss/mech (or on Debian/Ubuntu systems /usr/etc/gss/mech). The Debian path is a bug that will be fixed; this page will be updated after.
Then, create a symlink from /usr/lib/gss/mech_eap.so to the installed mech_eap.so. Are you getting the feeling you're running down some untested code paths here yet?
-On Debian systems make sure /usr/lib/freeradius is in your default linker search path. Perhaps edit /etc/ld.so.conf and run ldconfig. Yes, that too is a bug.
-
-Create a radsec.conf in $prefix/etc/radsec.conf.
+On Debian systems if you are using the system freeradius libraries make sure /usr/lib/freeradius is in your default linker search path. Perhaps edit /etc/ld.so.conf and run ldconfig. Yes, that too is a bug. If you are not using system freeradius libraries you probably have to do something similar.
-Create a valid freeradius dictionary in $prefix/share/freeradius/dictionary. This may be a bug as well.
+Create a valid freeradius dictionary in $prefix/etc/radb/dictionary. This may be a bug as well.
# Configuring Kerberos
Then <code>chmod a+r /etc/krb5.keytab</code>. Note that would be a very bad thing to do if you actually were using Kerberos. It may still be a bad thing to do if you have services enabled that can potentially use Kerberos.
+# Configuring libradsec
+
+ cat > $prefix/etc/radsec.conf << EOF
+ config gss-eap {
+ type = "UDP"
+ server {
+ hostname = "127.0.0.1"
+ service = "1820"
+ secret = "$secret"
+ }
+ }
+ EOF
+
+$secret is the secret you share with the radius server, i.e. the "secret" entry in FreeRADIUS configuration "client" clause.
Todo:
-* configure libradsec
* Set up RADIUS