I have a hopefully "close" RADIUS configuration, but so far the GSS sample
isn't running successfully.
I'm not sure from Luke's README where some of the config files are
supposed to live, but I'm assuming part of my problem is not having those
correctly installed. The gss-client error is:
GSS-API error initializing context: Unspecified GSS failure. Minor code
may provide more information
GSS-API error initializing context: SPNEGO cannot find mechanisms to
negotiate
I tried putting the file the README mentions as <prefix>/etc/gss/mech in
both the installed directory of the moonshot code and in /etc itself. I
also put radsec.conf there, which is probably wrong, but the README didn't
say where that goes.
I also found it odd that to get the gss-server to start I had to create a
Kerberos keytab file with a key for a host/localhost principal. I don't
really see how Kerberos figures into any of this, but putting a dummy key
there at least got it to start up. I have no actual KDC anywhere; is that
really a requirement?
I haven't tried the SASL route yet.
-- Scott
|