# $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $
# sample configuration for GSSAPI authentication (basically, Kerberos).
# doc/README.gssapi gives some idea on how to configure it.
# TODO: more documentation.
#listen {
# strict_address;
#}
# Uncomment the following for GSS-API to work with older versions of
# racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
# identifier attribute.
#gss_id_enc latin1;
remote anonymous {
exchange_mode main;
lifetime time 24 hour;
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method gssapi_krb;
# The default GSS-API ID is "host/hostname", where
# hostname is the output of the hostname(1) command.
# You probably want this to match your system's host
# principal. ktutil(8)'s "list" command will list the
# principals in your system's keytab. If you need to,
# you can change the GSS-API ID here.
#gss_id "host/some.host.name";
dh_group 1;
}
}
sainfo anonymous {
lifetime time 2 hour;
encryption_algorithm rijndael, 3des;
authentication_algorithm hmac_sha1, hmac_md5;
compression_algorithm deflate;
}
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>