Annotation of embedaddon/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi, revision 1.1
1.1 ! misho 1: # $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $
! 2:
! 3: # sample configuration for GSSAPI authentication (basically, Kerberos).
! 4: # doc/README.gssapi gives some idea on how to configure it.
! 5: # TODO: more documentation.
! 6:
! 7: #listen {
! 8: # strict_address;
! 9: #}
! 10:
! 11: # Uncomment the following for GSS-API to work with older versions of
! 12: # racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
! 13: # identifier attribute.
! 14: #gss_id_enc latin1;
! 15:
! 16: remote anonymous {
! 17: exchange_mode main;
! 18:
! 19: lifetime time 24 hour;
! 20:
! 21: proposal {
! 22: encryption_algorithm 3des;
! 23: hash_algorithm sha1;
! 24: authentication_method gssapi_krb;
! 25: # The default GSS-API ID is "host/hostname", where
! 26: # hostname is the output of the hostname(1) command.
! 27: # You probably want this to match your system's host
! 28: # principal. ktutil(8)'s "list" command will list the
! 29: # principals in your system's keytab. If you need to,
! 30: # you can change the GSS-API ID here.
! 31: #gss_id "host/some.host.name";
! 32:
! 33: dh_group 1;
! 34: }
! 35: }
! 36:
! 37: sainfo anonymous {
! 38: lifetime time 2 hour;
! 39:
! 40: encryption_algorithm rijndael, 3des;
! 41: authentication_algorithm hmac_sha1, hmac_md5;
! 42: compression_algorithm deflate;
! 43: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>