X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=trustrouterinfo.mdwn;h=0ddacc32fcf35142be442b5fefefe0b67ff827fe;hb=e45115c190773ff1614c8fa6c119d35a5c14b09b;hp=b924a1527a26547ddc8f45d1e735e7bfc8bf5b21;hpb=446e167baf0a5b79f7368ac6c1ed679774501cf6;p=devwiki.git diff --git a/trustrouterinfo.mdwn b/trustrouterinfo.mdwn index b924a15..0ddacc3 100644 --- a/trustrouterinfo.mdwn +++ b/trustrouterinfo.mdwn @@ -1,4 +1,4 @@ -BUILDING/INSTALLING A TRUST ROUTER: +

BUILDING/INSTALLING A TRUST ROUTER

(Assumes you already have a Moonshot DVD installed.) @@ -10,7 +10,7 @@ The Trust Router depends on MIT Kerberos, OpenSSL, jansson and SQLite Version 3. To build and install a Trust Router, you need to separately 'make' and 'make install' in both the moonshot/trust_router and moonshot/freeradius-server directories, in that order. -CONFIGURING A TRUST ROUTER: +

CONFIGURING A TRUST ROUTER

In addition to having a valid freeradius TLS/PSK configuration, a set of Trust Router and TID-specific configuration is required in order to use the Trust Router. @@ -29,7 +29,7 @@ realm suffix {
trust_router = "10.0.2.15"
} -BRINGING UP/VERIFYING A TRUST ROUTER: +

BRINGING UP/VERIFYING A TRUST ROUTER

To run all of the components needed to test the Trust Router, you will need to have at least two different nodes (or VMs) at different IP addresses. @@ -56,7 +56,9 @@ root@debian:/opt/moonshot/sbin# ./radiusd -fxx -l stdout Start the TID Server (on Node-2, as root): -root@debian:/opt/moonshot/bin# ./tids 10.1.10.90 /var/tmp/keys +root@debian:/opt/moonshot/bin# ./tids 10.1.10.90 gss_id /var/tmp/keys + +The gss_id is the GSS name that will be used by the trustrouter to connect to the TIDS. For example if trustrouter@apc.painless-security.com is provisioned as the identity, then enter trustrouter@apc.painless-security.com. On the second virtual machine, you will run the freeradius RP AAA Proxy (with built-in TIDC), the Trust Router, the GSS Server and the GSS Client. For example:
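Review bot: In the @@ -1,4 +1,4 @@ hunk, and in the matching one-line changes at @@ -10,7 +10,7 @@ and @@ -29,7 +29,7 @@, the section titles lose their trailing colon but remain plain uppercase lines, which a Markdown (.mdwn) page treats as ordinary paragraph text. If the aim is to make them read as headings, use heading markup instead, e.g. `# BUILDING/INSTALLING A TRUST ROUTER`, and apply it to all three titles in the same commit so the page stays consistent.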
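Review bot: In the @@ -56,7 +56,9 @@ hunk, the new command line `./tids 10.1.10.90 gss_id /var/tmp/keys` shows gss_id as a bare word, so a reader who copies the line verbatim passes the literal string "gss_id" as the GSS name. Mark it as a placeholder (for example `<gss_id>`), or put the example identity trustrouter@apc.painless-security.com directly in the command and explain it below. The added sentence also needs a comma after "For example" and writes "trustrouter" where the rest of the page says "Trust Router". Since this argument names the identity the Trust Router uses to connect to the TIDS, the text should say where that identity has to be provisioned, and the other two positional arguments (10.1.10.90 and /var/tmp/keys) deserve the same one-line description that gss_id now gets.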