# $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $

# sample configuration for GSSAPI authentication (basically, Kerberos).
# doc/README.gssapi gives some idea on how to configure it.
# TODO: more documentation.
#
# NOTE(review): the algorithm choices in this sample (3des, sha1,
# dh_group 1, hmac_md5) date from 2001 and are legacy by current
# standards. Treat them as a starting point for interoperability testing,
# and check racoon.conf(5) for the stronger values your racoon version
# accepts before deploying.

# Uncommenting this block makes racoon require explicit listen addresses
# instead of binding to every address on the host.
#listen {
#	strict_address;
#}

# Uncomment the following for GSS-API to work with older versions of
# racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
# identifier attribute.
#gss_id_enc latin1;

# Phase 1 (ISAKMP SA) parameters. "anonymous" applies this block to any
# peer that no more specific "remote" block matches, so the GSS-API
# (Kerberos) exchange is the only thing that identifies the peer.
remote anonymous {
	# Main mode only; aggressive mode is not offered.
	exchange_mode main;

	# Phase 1 SA lifetime.
	lifetime time 24 hour;

	proposal {
		# NOTE(review): 3des and sha1 are legacy algorithms; prefer
		# stronger ones if both peers support them.
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method gssapi_krb;
		# The default GSS-API ID is "host/hostname", where
		# hostname is the output of the hostname(1) command.
		# You probably want this to match your system's host
		# principal. ktutil(8)'s "list" command will list the
		# principals in your system's keytab. If you need to,
		# you can change the GSS-API ID here.
		#gss_id "host/some.host.name";

		# NOTE(review): group 1 is the 768-bit MODP group, the
		# smallest IKE Diffie-Hellman group and too small to
		# resist modern discrete-log attacks. Every key negotiated
		# under this SA depends on it; use the largest group both
		# peers support.
		dh_group 1;
	}
}

# Phase 2 (IPsec SA) parameters, again for any peer without a more
# specific "sainfo" block.
# NOTE(review): no pfs_group is set, so phase 2 negotiations do not
# perform a fresh Diffie-Hellman exchange and rely on the phase 1 keying
# material above.
sainfo anonymous {
	# Phase 2 SA lifetime.
	lifetime time 2 hour;

	# Each list names the algorithms this end will accept.
	encryption_algorithm rijndael, 3des;
	# NOTE(review): hmac_md5 is presumably listed for interoperability
	# with older peers; drop it once every peer supports hmac_sha1 or
	# better.
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}
