File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / ipsec-tools / src / racoon / samples / racoon.conf.sample-gssapi
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Tue Feb 21 22:39:10 2012 UTC (12 years, 10 months ago) by misho
Branches: ipsec-tools, MAIN
CVS tags: v0_8_2p2, v0_8_1p0, v0_8_1, v0_8_0p0, v0_8_0, HEAD
ipsec-tools

# $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $

# sample configuration for GSSAPI authentication (basically, Kerberos).
# doc/README.gssapi gives some idea on how to configure it.
# TODO: more documentation.

#listen {
#	strict_address;
#}

# Uncomment the following for GSS-API to work with older versions of
# racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
# identifier attribute.
#gss_id_enc latin1;

remote anonymous {
	exchange_mode main;

	lifetime time 24 hour;

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method gssapi_krb;
		# The default GSS-API ID is "host/hostname", where
		# hostname is the output of the hostname(1) command.
		# You probably want this to match your system's host
		# principal.  ktutil(8)'s "list" command will list the
		# principals in your system's keytab.  If you need to,
		# you can change the GSS-API ID here.
		#gss_id "host/some.host.name";

		dh_group 1;
	}
}

sainfo anonymous {
	lifetime time 2 hour;

	encryption_algorithm rijndael, 3des;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>