# $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $

# Sample configuration for GSSAPI authentication (basically, Kerberos).
# doc/README.gssapi gives some idea on how to configure it.
# TODO: more documentation.
#
# NOTE(review): the algorithm choices below (3des, sha1, hmac_md5, DH
# group 1) are legacy selections.  Treat this file as a syntax example,
# not as a recommended cryptographic policy; before deployment, pick the
# strongest algorithms that both peers and your racoon build support.

#listen {
#	strict_address;
#}

# Uncomment the following for GSS-API to work with older versions of
# racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
# identifier attribute.
#gss_id_enc latin1;

# "anonymous" applies this phase 1 policy to any peer that has no more
# specific "remote" section.  Peers are authenticated via GSS-API
# (Kerberos), so which hosts can negotiate depends on which principals
# your KDC will issue tickets for -- TODO confirm against your realm policy.
remote anonymous {
	# Main mode only; aggressive mode is not offered.
	exchange_mode main;

	# Phase 1 (ISAKMP SA) lifetime.
	lifetime time 24 hour;

	proposal {
		# NOTE(review): 3des and sha1 are legacy algorithms; kept here
		# as in the original sample.
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method gssapi_krb;
		# The default GSS-API ID is "host/hostname", where
		# hostname is the output of the hostname(1) command.
		# You probably want this to match your system's host
		# principal.  ktutil(8)'s "list" command will list the
		# principals in your system's keytab.  If you need to,
		# you can change the GSS-API ID here.
		#gss_id "host/some.host.name";

		# NOTE(review): group 1 is the 768-bit MODP group, which is
		# too small by current standards.  Prefer the largest group
		# that both peers support; check racoon.conf(5) for the
		# values your build accepts.
		dh_group 1;
	}
}

# Phase 2 (IPsec SA) parameters for any peer without a more specific
# "sainfo" section.
sainfo anonymous {
	# Phase 2 SA lifetime.
	lifetime time 2 hour;

	# NOTE(review): no pfs_group is set in this section, so phase 2
	# presumably negotiates without perfect forward secrecy -- confirm
	# against racoon.conf(5) and add pfs_group if PFS is required.
	#
	# NOTE(review): 3des and hmac_md5 are legacy algorithms; consider
	# removing them from the lists if all peers support the alternatives.
	encryption_algorithm rijndael, 3des;
	authentication_algorithm hmac_sha1, hmac_md5;
	compression_algorithm deflate;
}