Annotation of embedaddon/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi, revision 1.1

1.1     ! misho       1: # $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $
        !             2: 
        !             3: # sample configuration for GSSAPI authentication (basically, Kerberos).
        !             4: # See doc/README.gssapi for an outline of how to configure it.
        !             5: # TODO: more documentation.
        !             6: 
        !             7: #listen {
        !             8: #      strict_address;
        !             9: #}
        !            10: 
        !            11: # Uncomment the following for GSS-API to work with older versions of
        !            12: # racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
        !            13: # identifier attribute.
        !            14: #gss_id_enc latin1;
        !            15: 
        !            16: remote anonymous {  # phase 1 (IKE) settings; "anonymous" applies to any peer without a more specific remote section
        !            17:        exchange_mode main;
        !            18: 
        !            19:        lifetime time 24 hour;  # phase 1 SA lifetime
        !            20: 
        !            21:        proposal {
        !            22:                encryption_algorithm 3des;  # NOTE(review): legacy 64-bit-block cipher; prefer AES if this build and all peers support it
        !            23:                hash_algorithm sha1;  # NOTE(review): legacy hash; check against current site policy before reuse
        !            24:                authentication_method gssapi_krb;  # peers authenticate with GSS-API (Kerberos) rather than a pre-shared key
        !            25:                # The default GSS-API ID is "host/hostname", where
        !            26:                # hostname is the output of the hostname(1) command.
        !            27:                # You probably want this to match your system's host
        !            28:                # principal.  ktutil(8)'s "list" command will list the
        !            29:                # principals in your system's keytab.  If you need to,
        !            30:                # you can change the GSS-API ID here.
        !            31:                #gss_id "host/some.host.name";
        !            32: 
        !            33:                dh_group 1;  # NOTE(review): group 1 is the 768-bit MODP group, too small by current guidance; use a larger group where peers allow
        !            34:        }
        !            35: }
        !            36: 
        !            37: sainfo anonymous {  # phase 2 (IPsec SA) settings; "anonymous" applies to any ID pair without its own sainfo section
        !            38:        lifetime time 2 hour;  # phase 2 SA lifetime; NOTE(review): no pfs_group is set in this block, so phase 2 presumably runs without PFS - confirm
        !            39: 
        !            40:        encryption_algorithm rijndael, 3des;  # rijndael is the original name of AES; 3des is a legacy alternative
        !            41:        authentication_algorithm hmac_sha1, hmac_md5;  # NOTE(review): hmac_md5 is a legacy option; drop it unless a peer requires it
        !            42:        compression_algorithm deflate;
        !            43: }
