Other XML attributes defined for the <GSSAPIAttribute> element:
-*authenticated="true|false" - allows processing to proceed only if the GSS attribute is authenticated
-*binary="true|false" - treats the GSS attribute as binary-valued
+* authenticated="true|false" - allows processing to proceed only if the GSS attribute is authenticated
+* binary="true|false" - treats the GSS attribute as binary-valued
+
+### Daemon Use
+
+To move processing (and significant startup cost) outside of the GSS server process, you can patch mech_eap as follows:
+
+ --- a/moonshot/mech_eap/util_shib.cpp
+ +++ b/moonshot/mech_eap/util_shib.cpp
+ @@ -417,8 +417,7 @@ gss_eap_shib_attr_provider::initWithJsonObject(const gss_eap
+ bool
+ gss_eap_shib_attr_provider::init(void)
+ {
+ - if (SPConfig::getConfig().getFeatures() == 0 &&
+ - ShibbolethResolver::init() == false)
+ + if (ShibbolethResolver::init(SPConfig::InProcess) == false)
+ return false;
+
+ gss_eap_attr_ctx::registerProvider(ATTR_TYPE_LOCAL, createAttrContext);
+
+The shibresolver library also has to be loaded as an extension (exact path and filename vary by platform):
+
+ <OutOfProcess logger="shibd.logger">
+ <Extensions>
+ <Library path="plugins.so" fatal="true"/>
+ <Library path="/usr/lib/libshibresolver.so" fatal="true"/>
+ </Extensions>
+ </OutOfProcess>
+
+If you then run shibd, mech_eap's use of the SP will be remoted to it in the usual fashion.