correctly construct KRB-CRED for Heimdal reauth

[mech_eap.orig] / README

Overview
========

This is an implementation of the GSS EAP mechanism, as described in
draft-ietf-abfab-gss-eap-00.txt.

Building
========

In order to build this, a recent Kerberos implementation (MIT or
Heimdal), Shibboleth, and EAP libraries are required, along with
all of their dependencies.

Note: not all SPIs are supported by the Heimdal mechanism glue,
so not all features will be available.

Installing
==========

When installing, be sure to edit $prefix/etc/gss/mech to register
the EAP mechanisms. A sample configuration file is in this directory.

Make sure your RADIUS library is configured to talk to the server of
your choice: see the example radsec.conf in this directory.

Testing
=======

You can then test the MIT or Cyrus GSS and SASL example programs.
Sample usage is given below. Substitute <user>, <pass> and <host>
appropriately (<host> is the name of the host running the server,
not the RADIUS server).

% gss-client -port 5555 -spnego -mech "{1 3 6 1 4 1 5322 22 1 18}" \
  -user <user> -pass <pass> <host> host@<host> "Testing GSS EAP"
% gss-server -port 5555 -export host@<host>

Note: for SASL you will be prompted for a username and password.

% client -C -p 5556 -s host -m EAP-AES128 <host>
% server -c -p 5556 -s host -h <host>