| # $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $ |
| |
| # sample configuration for GSSAPI authentication (basically, Kerberos). |
| # doc/README.gssapi gives some idea on how to configure it. |
| # TODO: more documentation. |
| |
| #listen { |
| # strict_address; |
| #} |
| |
| # Uncomment the following for GSS-API to work with older versions of |
| # racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API |
| # identifier attribute. |
| #gss_id_enc latin1; |
| |
| remote anonymous { |
| exchange_mode main; |
| |
| lifetime time 24 hour; |
| |
| proposal { |
| encryption_algorithm 3des; |
| hash_algorithm sha1; |
| authentication_method gssapi_krb; |
| # The default GSS-API ID is "host/hostname", where |
| # hostname is the output of the hostname(1) command. |
| # You probably want this to match your system's host |
| # principal. ktutil(8)'s "list" command will list the |
| # principals in your system's keytab. If you need to, |
| # you can change the GSS-API ID here. |
| #gss_id "host/some.host.name"; |
| |
| dh_group 1; |
| } |
| } |
| |
| sainfo anonymous { |
| lifetime time 2 hour; |
| |
| encryption_algorithm rijndael, 3des; |
| authentication_algorithm hmac_sha1, hmac_md5; |
| compression_algorithm deflate; |
| } |