I'm pleased to report that I merged a bunch of changes to master last
night.
This includes most of Luke's work over the last year.
In particular:
* We now use RFC 3961 MIC tokens per the approved spec
* We no longer depend on FreeRADIUS; we use Alan's NetworkRADIUS
library. Thanks Alan for working with us and thanks to Luke for doing
the integration!
* OIDs and attribute names are updated from the current versions of the
IETF specs.
This code update represents a significant incompatible change with
previous versions.
If you have moonshot code in production and need to support both
versions drop me a note and I can work through how to do that; I believe
it is possible.
In particular, the following things need to be updated to use the new
code:
* You will need to change the OIDs you are using; seee the mech_eap/mech
file for the new OIDs.
* You need to remove the dictionary line from radsec.conf.
* You need to update the URNs of any gss attributes you use in your
shibboleth configuration.
* We're now using different RADIUS attribute numbers because our
attributes have been approved and registered with IANA.
Here's a dictionary fragment:
ATTRIBUTE GSS-Acceptor-Service-Name 164 string
ATTRIBUTE GSS-Acceptor-Host-Name 165 string
ATTRIBUTE GSS-Acceptor-Service-Specifics 166 string
ATTRIBUTE GSS-Acceptor-Realm-Name 167 string
I'll send a patch to FreeRADIUS's IETf dictionary for the above,
although there's a capitalization issue Luke found that I need to
resolve with IANA first.
|