1# $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $
2
3# sample configuration for GSSAPI authentication (basically, Kerberos).
4# doc/README.gssapi gives some idea on how to configure it.
5# TODO: more documentation.
6
7#listen {
8#	strict_address;
9#}
10
11# Uncomment the following for GSS-API to work with older versions of
12# racoon that (incorrectly) used ISO-Latin-1 encoding for the GSS-API
13# identifier attribute.
14#gss_id_enc latin1;
15
16remote anonymous {
17	exchange_mode main;
18
19	lifetime time 24 hour;
20
21	proposal {
22		encryption_algorithm 3des;
23		hash_algorithm sha1;
24		authentication_method gssapi_krb;
25		# The default GSS-API ID is "host/hostname", where
26		# hostname is the output of the hostname(1) command.
27		# You probably want this to match your system's host
28		# principal.  ktutil(8)'s "list" command will list the
29		# principals in your system's keytab.  If you need to,
30		# you can change the GSS-API ID here.
31		#gss_id "host/some.host.name";
32
33		dh_group 1;
34	}
35}
36
37sainfo anonymous {
38	lifetime time 2 hour;
39
40	encryption_algorithm rijndael, 3des;
41	authentication_algorithm hmac_sha1, hmac_md5;
42	compression_algorithm deflate;
43}
44