X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=prepare.mdwn;h=eb92ff40d20dad1d8daf9b04bc4b52aa5e691afa;hb=fe503f985c1b78604c64b6bdcdff94f8dab3630a;hp=114980fb2c9d28ba47f5fba098b21baadda6f741;hpb=b1d04b71ea33a9e5e2fec86a38aa002a400de1db;p=devwiki.git

diff --git a/prepare.mdwn b/prepare.mdwn
index 114980f..eb92ff4 100644
--- a/prepare.mdwn
+++ b/prepare.mdwn
@@ -104,3 +104,31 @@ Other XML attributes defined for the <GSSAPIAttribute> element:
 
 * authenticated="true|false" - allows processing to proceed only if the GSS attribute is authenticated
 * binary="true|false" - treats the GSS attribute as binary-valued
+
+### Daemon Use
+
+To move processing (and significant startup cost) outside of the GSS server process, you can patch mech_eap as follows:
+
+    --- a/moonshot/mech_eap/util_shib.cpp
+    +++ b/moonshot/mech_eap/util_shib.cpp
+    @@ -417,8 +417,7 @@ gss_eap_shib_attr_provider::initWithJsonObject(const gss_eap
+     bool
+     gss_eap_shib_attr_provider::init(void)
+     {
+    -    if (SPConfig::getConfig().getFeatures() == 0 &&
+    -        ShibbolethResolver::init() == false)
+    +    if (ShibbolethResolver::init(SPConfig::InProcess) == false)
+             return false;
+ 
+         gss_eap_attr_ctx::registerProvider(ATTR_TYPE_LOCAL, createAttrContext);
+
+The shibresolver library also has to be loaded as an extension (exact path and filename vary by platform):
+
+    <OutOfProcess logger="shibd.logger">
+        <Extensions>
+            <Library path="plugins.so" fatal="true"/>
+            <Library path="/usr/lib/libshibresolver.so" fatal="true"/>
+        </Extensions>
+    </OutOfProcess>
+
+If you then run shibd, mech_eap's use of the SP will be remoted to it in the usual fashion.