Diffstat (limited to 'ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi')
-rw-r--r--ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi43
1 files changed, 43 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi b/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi
new file mode 100644
index 00000000..09c4df1d
--- /dev/null
+++ b/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi
@@ -0,0 +1,43 @@
+# $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $
+
+# sample configuration for GSSAPI authentication (basically, Kerberos).
+# doc/README.gssapi gives some idea on how to configure it.
+# TODO: more documentation.
+
+#listen {
+# strict_address;
+#}
+
+# Uncomment the following for GSS-API to work with older versions of
+# racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
+# identifier attribute.
+#gss_id_enc latin1;
+
+remote anonymous {
+ exchange_mode main;
+
+ lifetime time 24 hour;
+
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method gssapi_krb;
+ # The default GSS-API ID is "host/hostname", where
+ # hostname is the output of the hostname(1) command.
+ # You probably want this to match your system's host
+ # principal. ktutil(8)'s "list" command will list the
+ # principals in your system's keytab. If you need to,
+ # you can change the GSS-API ID here.
+ #gss_id "host/some.host.name";
+
+ dh_group 1;
+ }
+}
+
+sainfo anonymous {
+ lifetime time 2 hour;
+
+ encryption_algorithm rijndael, 3des;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+}
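Review bot: The phase 1 proposal in `remote anonymous` pins `dh_group 1;` (768-bit MODP), the weakest group racoon offers, and that exchange protects the GSSAPI negotiation and everything derived from it for the 24 hour lifetime; a sample that tends to be copied verbatim should use a larger group, e.g. `dh_group 2;` or `dh_group 5;`, depending on what the build supports. The `sainfo anonymous` section also offers `hmac_md5` and sets no `pfs_group`, so phase 2 keys get no fresh Diffie-Hellman exchange; consider `authentication_algorithm hmac_sha1;` together with a `pfs_group` line. Because both sections are `anonymous`, these values apply to every peer that can authenticate, so a header comment such as `# sample values only; tighten algorithms and restrict peers before deployment` would help.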