From: https://www.google.com/accounts/o8/id?id=AItOawlJk3rkkeqyWyEI_vt7p82grwmi37Kg4uY Date: Thu, 6 Mar 2014 10:57:55 +0000 (-0500) Subject: Changed shibboleth attribute map to use current correct radius attribute, corrected... X-Git-Url: http://www.project-moonshot.org/gitweb/?p=devwiki.git;a=commitdiff_plain;h=809769d55e607aa1c4675832fec744facb956fae Changed shibboleth attribute map to use current correct radius attribute, corrected the gss meach oids --- diff --git a/ConfiguringRHEL.mdwn b/ConfiguringRHEL.mdwn index d5821be..d13d2a5 100644 --- a/ConfiguringRHEL.mdwn +++ b/ConfiguringRHEL.mdwn @@ -141,7 +141,7 @@ In the demo we just use a very simple example – mapping the _Chargeable-User-I Delete _/etc/shibboleth/attribute-map.xml_ and replace it with: - + In this case, 89 corresponds to _Chargeable-User-Identity_, which is mapped to _local-login-user_, which sets the local account that the user will be given access to. @@ -172,9 +172,9 @@ This file tells moonshot what encryption options are valid for use with GSS. # Any encryption type supported by Kerberos can be defined as the # last element of the OID arc. # - eap-aes128 1.3.6.1.4.1.5322.22.1.17 mech_eap.so - eap-aes256 1.3.6.1.4.1.5322.22.1.18 mech_eap.so - + eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so + eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so + ##Testing Functionality As mentioned earlier, we will be using the Kerberos test tools to make sure that things are working.
@@ -182,7 +182,7 @@ To start the _gss-server_, run: /opt/moonshot/sbin/gss-server host@localhost & -There are two ways to start _gss-client_ – the first specifies an encryption method to use by its OID 1.3.6.1.4.1.5322.22.1.18 (as seen in /etc/gss/mech): +There are two ways to start _gss-client_ – the first specifies an encryption method to use by its OID 1.3.6.1.5.5.15.1.1.18 (as seen in /etc/gss/mech): /opt/moonshot/bin/gss-client -mech "{1.3.6.1.5.5.15.1.1.18 }" 127.0.0.1 host@localhost bar