# Preparing to use Moonshot

First, look at the `mech` file in the `mech_eap` directory of the source tree. Copy this file to `/etc/gss/mech` (or, on Debian/Ubuntu systems, `/usr/etc/gss/mech`). The Debian path is a bug that will be fixed; this page will be updated afterwards.

Then, create a symlink from `/usr/lib/gss/mech_eap.so` to the installed `mech_eap.so`. Are you getting the feeling you're running down some untested code paths here yet?

On Debian systems, make sure `/usr/lib/freeradius` is in your default linker search path. Perhaps edit `/etc/ld.so.conf` and run `ldconfig`. Yes, that too is a bug.

Create a `radsec.conf` in `$prefix/etc/radsec.conf`.

Create a valid freeradius dictionary in `$prefix/share/freeradius/dictionary`. This may be a bug as well.

# Configuring Kerberos

Configure Kerberos, you ask? But I'm not using Kerberos! True, but the Kerberos library is kind of self-centered at the moment and doesn't believe anyone would ever want to not use Kerberos. So, it requires that servers be able to set up Kerberos even if they never use it. Please see also a bug.

So you want something like the following.

Contents of `/etc/krb5.conf`:

```
[libdefaults]
default_realm = YOUR_DOMAIN_ALL_CAPS
```

Then run:

```
ktutil
addent -password -p host/hostname.your_domain@YOUR_DOMAIN_ALL_CAPS -k 1 -e aes256-cts
```

Enter a password of your choice, then continue at the `ktutil` prompt:

```
wkt /etc/krb5.keytab
quit
```

Then `chmod a+r /etc/krb5.keytab`. Note that this would be a very bad thing to do if you actually were using Kerberos. It may still be a bad thing to do if you have services enabled that can potentially use Kerberos.

Todo:

* Configure libradsec
* Set up RADIUS
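A preflight check for the preparation and Kerberos steps above, as an added example that is not part of the original page or of the Moonshot source. The function names and the `ROOT` staging-root argument are assumptions of this sketch; `PREFIX` stands for the page's `$prefix`.

```shell
#!/bin/sh
# Added example: preflight check for the file layout this page describes.
# Usage: moonshot_preflight ROOT PREFIX   (ROOT "" = the live system)
# ROOT, PREFIX and both function names are hypothetical, not Moonshot's own.

keytab_world_readable() {
    # True when the "other" read bit is set, i.e. after chmod a+r.
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

moonshot_preflight() {
    root=$1; prefix=$2; problems=0
    note() { echo "$1"; problems=$((problems + 1)); }

    # mech file: /etc/gss/mech, or /usr/etc/gss/mech on Debian/Ubuntu.
    [ -f "$root/etc/gss/mech" ] || [ -f "$root/usr/etc/gss/mech" ] ||
        note "missing: gss mech file"

    # The symlink must exist and resolve to an installed mech_eap.so.
    link="$root/usr/lib/gss/mech_eap.so"
    { [ -L "$link" ] && [ -e "$link" ]; } ||
        note "missing or dangling: /usr/lib/gss/mech_eap.so"

    # /usr/lib/freeradius has to be listed for the dynamic linker.
    grep -qsx '/usr/lib/freeradius' "$root/etc/ld.so.conf" \
        "$root"/etc/ld.so.conf.d/*.conf ||
        note "not in linker path: /usr/lib/freeradius"

    for f in "$prefix/etc/radsec.conf" "$prefix/share/freeradius/dictionary" \
             /etc/krb5.conf /etc/krb5.keytab; do
        [ -f "$root$f" ] || note "missing: $f"
    done

    # Reported but not counted: the page asks for a+r, which exposes real
    # keys if any service on the host can use Kerberos.
    if keytab_world_readable "$root/etc/krb5.keytab"; then
        echo "warning: /etc/krb5.keytab is world-readable"
    fi
    return "$problems"
}
```

The return status is the number of missing items, so `moonshot_preflight "" /usr/local` exits 0 only when every file the page lists is in place.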