X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=ConfiguringRHEL.mdwn;h=7a03a67075923ee7cfcaedae0a143415b1c7eb17;hb=refs%2Fheads%2Fmaster;hp=70d8ffd18b54e8e5c478c324dc8e4f229f62fbca;hpb=f2ac1585edec276613f44b65086fdb838795560d;p=devwiki.git

diff --git a/ConfiguringRHEL.mdwn b/ConfiguringRHEL.mdwn
index 70d8ffd..7a03a67 100644
--- a/ConfiguringRHEL.mdwn
+++ b/ConfiguringRHEL.mdwn
@@ -6,20 +6,7 @@ Again, in a real deployment these are not required, but help with testing
 This guide walks through deploying the client, IdP and SP portions of moonshot - depending on your target, some steps may be inappropriate.
 
 ## Environment
-### LD_LIBRARY_PATH
-__LD_LIBRARY_PATH__ has to have _/opt/moonshot/lib64/_ and _/usr/lib64/freeradius_ added to it.<br />
-The best way to do this is create a file at _/etc/profile.d/moonshot.sh_, with the following:
 
-    if \[[ $LD_LIBRARY_PATH != */opt/moonshot/lib64/:/usr/lib64/freeradius/* ]]
-    then
-    	export LD_LIBRARY_PATH=/opt/moonshot/lib64/:/usr/lib64/freeradius/:$LD_LIBRARY_PATH
-    fi
-
-After, either restart your shell session, or:
-
-    source /etc/profile.d/moonshot.sh
-
-This is required as moonshot currently stores its modified libraries separately to the main system ones to avoid conflicts.  This should not be necessary in the future.
 
 ### SELinux set to permissive
 Moonshot has a couple of outstanding issues regarding proper labeling of _SELinux_ contexts, causing it to fail when _SELinux_ is enforcing.  This should be resolved soon - change the setting in _/etc/sysconfig/selinux_, or in _/etc/rc.local_:
@@ -34,13 +21,17 @@ The simplest way to install EPEL is:
     yum install epel-release
 
 ## Moonshot Packages
-The RPM's and SRPM's for moonshot are currently hosted at [[http://yum.dev.ja.net]] - this may change (and in fact, is quite likely to change) in the future.  The packages are currently unsigned.<br />
+The RPM's and SRPM's for moonshot are currently hosted at [[http://project-moonshot.org]] - this may change (and in fact, is quite likely to change) in the future.  The packages are signed.<br />
 Example _/etc/yum.repos.d/moonshot.repo_
 
-    [Moonshot]
-    name=Moonshot
-    baseurl=http://yum.dev.ja.net/RPMS/x86_64/
-    gpgcheck=0
+    [moonshot]
+    name=Moonshot RPMs
+    baseurl=http://repository.project-moonshot.org/rpms/centos6/
+    failovermethod=priority
+    enabled=1
+    gpgcheck=1
+    gpgkey=http://repository.project-moonshot.org/rpms/centos6/moonshot.key
+
 
 After setting up the repository definition, we'll set up a composite ORPS/IdP.
 
@@ -107,7 +98,6 @@ When in debug mode, FreeRADIUS acts as an interactive program, so it should be r
 ##Moonshot Proper
 First we need a minimal _/etc/radsec.conf_
 
-    dictionary = "/etc/raddb/dictionary"
     
     realm gss-eap {
         type = "UDP"
@@ -142,7 +132,7 @@ In the demo we just use a very simple example â mapping the _Chargeable-User-I
 Delete _/etc/shibboleth/attribute-map.xml_ and replace it with:
 
     <Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-        <GSSAPIAttribute name="urn:ietf:params:gss-eap:radius-avp urn:x-radius:89" id="local-login-user"/>
+        <GSSAPIAttribute name="urn:ietf:params:gss:radius-attribute 89" id="local-login-user"/>
     </Attributes>
 
 In this case, 89 corresponds to _Chargeable-User-Identity_, which is mapped to _local-login-user_, which sets the local account that the user will be given access to.
@@ -173,9 +163,9 @@ This file tells moonshot what encryption options are valid for use with GSS.
     # Any encryption type supported by Kerberos can be defined as the
     # last element of the OID arc.
     #
-    eap-aes128		1.3.6.1.4.1.5322.22.1.17	mech_eap.so
-    eap-aes256		1.3.6.1.4.1.5322.22.1.18	mech_eap.so
-
+    eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so
+    eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so
+   
 ##Testing Functionality
 
 As mentioned earlier, we will be using the Kerberos test tools to make sure that things are working.<br />
@@ -183,9 +173,9 @@ To start the _gss-server_, run:
 
     /opt/moonshot/sbin/gss-server host@localhost &
 
-There are two ways to start _gss-client_ â the first specifies an encryption method to use by its OID 1.3.6.1.4.1.5322.22.1.18 (as seen in /etc/gss/mech):
+There are two ways to start _gss-client_ â the first specifies an encryption method to use by its OID 1.3.6.1.5.5.15.1.1.18 (as seen in /etc/gss/mech):
 
-    /opt/moonshot/bin/gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" 127.0.0.1 host@localhost bar
+    /opt/moonshot/bin/gss-client -mech "{1.3.6.1.5.5.15.1.1.18 }" 127.0.0.1 host@localhost bar
 
 The second uses __Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)__<br />
 This chooses the "best" mutually-agreeable encryption method for between client and server.  To invoke the client using __SPNEGO__, use:
