Annotation of embedaddon/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi, revision 1.1.1.1

1.1       misho       1: # $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $
                      2: 
                      3: # sample configuration for GSSAPI authentication (basically, Kerberos).
                      4: # doc/README.gssapi gives some idea on how to configure it.
                      5: # TODO: more documentation.
                      6: 
                      7: #listen {
                      8: #      strict_address;
                      9: #}
                     10: 
                     11: # Uncomment the following for GSS-API to work with older versions of
                     12: # racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
                     13: # identifier attribute.
                     14: #gss_id_enc latin1;
                     15: 
                     16: remote anonymous {
                                 # Phase 1 (IKE) policy. NOTE(review): "anonymous" is understood to
                                 # be the fallback entry for any peer without its own "remote"
                                 # section -- confirm in racoon.conf(5) and prefer per-peer
                                 # sections where the peers are known.
                     17:        exchange_mode main;
                     18: 
                                 # Lifetime of the phase 1 SA negotiated with the proposal below.
                     19:        lifetime time 24 hour;
                     20: 
                     21:        proposal {
                                         # NOTE(review): 3des and sha1 are legacy choices carried
                                         # over from this 2001 sample. Where the racoon build and
                                         # the peer both support them, prefer aes with sha256 or
                                         # stronger (accepted values are listed in racoon.conf(5)).
                     22:                encryption_algorithm 3des;
                     23:                hash_algorithm sha1;
                                         # Peers authenticate through GSS-API (Kerberos).
                     24:                authentication_method gssapi_krb;
                     25:                # The default GSS-API ID is "host/hostname", where
                     26:                # hostname is the output of the hostname(1) command.
                     27:                # You probably want this to match your system's host
                     28:                # principal.  ktutil(8)'s "list" command will list the
                     29:                # principals in your system's keytab.  If you need to,
                     30:                # you can change the GSS-API ID here.
                     31:                #gss_id "host/some.host.name";
                     32: 
                                         # NOTE(review): group 1 is the 768-bit MODP group
                                         # (RFC 2409), which is too small for current use. Pick a
                                         # larger group on both peers, e.g. 14 (2048-bit MODP).
                     33:                dh_group 1;
                     34:        }
                     35: }
                     36: 
                     37: sainfo anonymous {
                                 # Phase 2 (IPsec SA) policy. NOTE(review): "anonymous" is
                                 # understood to cover any traffic without its own "sainfo"
                                 # section -- confirm in racoon.conf(5).
                                 # NOTE(review): no pfs_group is set here, so phase 2 keys are
                                 # presumably derived without a fresh Diffie-Hellman exchange;
                                 # verify, and set pfs_group if perfect forward secrecy is needed.
                     38:        lifetime time 2 hour;
                     39: 
                                 # Each directive takes a comma-separated list of acceptable
                                 # algorithms.
                                 # NOTE(review): 3des and hmac_md5 are legacy algorithms; remove
                                 # them from these lists once no peer depends on them.
                     40:        encryption_algorithm rijndael, 3des;
                     41:        authentication_algorithm hmac_sha1, hmac_md5;
                     42:        compression_algorithm deflate;
                     43: }
