From d61efe4c627acba092735d1240b1244c5cb13954 Mon Sep 17 00:00:00 2001
From: "https://www.google.com/accounts/o8/id?id=AItOawk6GJyBxFZR3knrIbs4-CshB2KtVifnjAw"
Date: Mon, 6 May 2013 17:15:48 -0400
Subject: [PATCH]
---
trustrouterinfo.mdwn | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/trustrouterinfo.mdwn b/trustrouterinfo.mdwn
index 40d7c1f..fc621d0 100644
--- a/trustrouterinfo.mdwn
+++ b/trustrouterinfo.mdwn
@@ -21,12 +21,12 @@ The TIDC also requires specific configuration in the freeradius raddb/mods-avail
For example:
-realm suffix {
- format = suffix
- delimiter = "@"
- default_community = "testing.communities.ja.net"
- rp_realm = "painless-security.com"
- trust_router = "10.0.2.15"
+realm suffix {
+ format = suffix
+ delimiter = "@"
+ default_community = "testing.communities.ja.net"
+ rp_realm = "painless-security.com"
+ trust_router = "10.0.2.15"
}
BRINGING UP/VERIFYING A TRUST ROUTER:
@@ -38,8 +38,11 @@ On one node, you will run the IDP AAA Server and the TIDS. The TIDS must run on
Before running the IDP AAA Server, you will need to configure freeradius to use the SQL key database that will be shared with the TIDS. This can be done by adding a file called 'psk' to the /etc/freeradius/mods-enabled directory with the following contents:
sql psksql {
+ driver = "rlm_sql_sqlite"
+ filename = "/var/tmp/keys"
+ }
You will also need to add 'psksql' to the existing 'instantiate' section in etc/freeradius/radiusd.conf.
@@ -47,26 +50,34 @@ You will also need to add 'psksql' to the existing 'instantiate' section in etc/
Before running TIDS for the first time, create the SQL database using the following commands:
sqlite3 /var/tmp/keys
+ sqlite3> create table psk_keys (keyid text primary key, key blob);
+ ^D
Start the freeradius server (on Node-2, as root):
+ root@debian:/opt/moonshot/sbin# ./radiusd -fxx -l stdout
Start the TID Server (on Node-2, as root):
+ root@debian:/opt/moonshot/bin# ./tids 10.1.10.90 /var/tmp/keys
On the second virtual machine, you will run the freeradius RP AAA Proxy (with built-in TIDC), the Trust Router, the GSS Server and the GSS Client. For example:
Starting the freeradius RP AAA Proxy (on Node-1, as root):
+ root@moonshot-proxy:/usr/local/sbin# ./radiusd -fxx -l stdout
Starting the Trust Router (on Node-1, as root):
+ root@moonshot-proxy:/home/margaret/moonshot/trust_router/tr# ./tr
Starting the GSS server (on Node-1, as root):
+ root@moonshot-proxy:/home/margaret# gss-server host@localhost
Starting the GSS client (on Node-1, any user):
+ margaret@moonshot-proxy:~$ gss-client -spnego 127.0.0.1 host@localhost "test message"
--
2.1.4