# $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $ # sample configuration for GSSAPI authentication (basically, Kerberos). # doc/README.gssapi gives some idea on how to configure it. # TODO: more documentation. #listen { # strict_address; #} # Uncomment the following for GSS-API to work with older versions of # racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API # identifier attribute. #gss_id_enc latin1; remote anonymous { exchange_mode main; lifetime time 24 hour; proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method gssapi_krb; # The default GSS-API ID is "host/hostname", where # hostname is the output of the hostname(1) command. # You probably want this to match your system's host # principal. ktutil(8)'s "list" command will list the # principals in your system's keytab. If you need to, # you can change the GSS-API ID here. #gss_id "host/some.host.name"; dh_group 1; } } sainfo anonymous { lifetime time 2 hour; encryption_algorithm rijndael, 3des; authentication_algorithm hmac_sha1, hmac_md5; compression_algorithm deflate; } |