Return to racoon.conf.sample-gssapi CVS log

Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon / samples

ipsec-tools

    1: # $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $
    2: 
    3: # sample configuration for GSSAPI authentication (basically, Kerberos).
    4: # doc/README.gssapi gives some idea on how to configure it.
    5: # TODO: more documentation.
    6: 
    7: #listen {
    8: #	strict_address;
    9: #}
   10: 
   11: # Uncomment the following for GSS-API to work with older versions of
   12: # racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
   13: # identifier attribute.
   14: #gss_id_enc latin1;
   15: 
   16: remote anonymous {
   17: 	exchange_mode main;
   18: 
   19: 	lifetime time 24 hour;
   20: 
   21: 	proposal {
   22: 		encryption_algorithm 3des;
   23: 		hash_algorithm sha1;
   24: 		authentication_method gssapi_krb;
   25: 		# The default GSS-API ID is "host/hostname", where
   26: 		# hostname is the output of the hostname(1) command.
   27: 		# You probably want this to match your system's host
   28: 		# principal.  ktutil(8)'s "list" command will list the
   29: 		# principals in your system's keytab.  If you need to,
   30: 		# you can change the GSS-API ID here.
   31: 		#gss_id "host/some.host.name";
   32: 
   33: 		dh_group 1;
   34: 	}
   35: }
   36: 
   37: sainfo anonymous {
   38: 	lifetime time 2 hour;
   39: 
   40: 	encryption_algorithm rijndael, 3des;
   41: 	authentication_algorithm hmac_sha1, hmac_md5;
   42: 	compression_algorithm deflate;
   43: }