Hi Sam,
Speaking of CentOS, we've done some validation work on the dev wiki instructions for CentOS and have made corrections where necessary. Right now, our docs are only internal, but I'm happy to share those with the group... Where do I go and what do I do to do so?
:-)
S.
-----Original Message-----
From: Moonshot community list [mailto:[log in to unmask]] On Behalf Of Sam Hartman
Sent: 22 April 2013 14:49
To: [log in to unmask]
Subject: New DVD Release: Moonshot Pilot Release 2
I'd like to draw your attention to
http://psec.s3.amazonaws.com/moonshot-images/2013.04.21.iso
This is a new DVD release building in Freeradius 3.x as well as significant updates to the UI.
I've also made significant progress getting the Centos builds working again, but that's not ready quite yet.
This DVD is a bit more difficult to use, because it actually uses RADSEC and you have to generate the certificates and make them available. I could have automated that (or included a single certificate on the DVD) but I think it is valuable for people to understand what's going on there.
Once you have the DVD running:
sudo -s
# rest as root
cd /etc/freeradius/certs
./bootstrap #generate certificates
#The following is insecure in production # However it permits any user to run gss-server chmod -R a+rX /etc/freeradius/certs # The freeradius cert generation stuff puts a useless password # on the private key.
# This is annoying because then server processes prompt for it.
# we remove it.
openssl rsa -in client.key -out client.noenc # password is "whatever"
mv client.noenc client.key
#Now start freeradius
/etc/init.d/freeradius start
This version of Freeradius does have trust_router client support although I think not channel binding support.
For GPL compliance reasons, source is available at http://psec.s3.amazonws.com/2013.04.21.source There is a file called source.debian.tar and source.debian-live.tar in that directory. Unless you're specifically looking to obtain the exact source of everything on the DVD you're probably better off checking out the Moonshot sources from git and the Debian sources from Debian's usual mechanisms.
--
This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail.
Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd.
Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message.
Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom
|