Diffstat (limited to 'ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi')
-rw-r--r-- | ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi b/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi
new file mode 100644
index 00000000..09c4df1d
--- /dev/null
+++ b/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi
@@ -0,0 +1,43 @@
+# $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $
+
+# sample configuration for GSSAPI authentication (basically, Kerberos).
+# doc/README.gssapi gives some idea on how to configure it.
+# TODO: more documentation.
+
+#listen {
+# strict_address;
+#}
+
+# Uncomment the following for GSS-API to work with older versions of
+# racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
+# identifier attribute.
+#gss_id_enc latin1;
+
+remote anonymous {
+ exchange_mode main;
+
+ lifetime time 24 hour;
+
+ proposal {
+ encryption_algorithm 3des;
+ hash_algorithm sha1;
+ authentication_method gssapi_krb;
+ # The default GSS-API ID is "host/hostname", where
+ # hostname is the output of the hostname(1) command.
+ # You probably want this to match your system's host
+ # principal. ktutil(8)'s "list" command will list the
+ # principals in your system's keytab. If you need to,
+ # you can change the GSS-API ID here.
+ #gss_id "host/some.host.name";
+
+ dh_group 1;
+ }
+}
+
+sainfo anonymous {
+ lifetime time 2 hour;
+
+ encryption_algorithm rijndael, 3des;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+} |
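Review bot: `dh_group 1;` in the `proposal` block selects the 768-bit MODP group, which is too small to protect the phase 1 key exchange, and a sample file is likely to be copied into production unchanged. I would ship a larger group, e.g. `dh_group 14;` if this racoon version accepts it (otherwise at least `dh_group 2;`), with a one-line comment saying the value is a minimum rather than a recommendation. In `sainfo anonymous`, `authentication_algorithm hmac_sha1, hmac_md5;` still offers HMAC-MD5 to any peer that asks for it; offering `hmac_sha1` alone avoids negotiating down to it. The `sainfo` block also sets no `pfs_group`, so phase 2 keys are presumably derived from the phase 1 secret without a fresh DH exchange; this is worth either adding or calling out in a comment.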