userapps/opensource/ipsec-tools/src/racoon/samples/racoon.conf.sample-gssapi

   1 # $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $
   2
   3 # sample configuration for GSSAPI authentication (basically, kerberos).
   4 # doc/README.gssapi gives some idea on how to configure it.
   5 # TODO: more documentation.
   6
   7 #listen {
   8 #       strict_address;
   9 #}
  10
  11 remote anonymous {
  12         exchange_mode main;
  13         #exchange_mode aggressive;
  14
  15         # specify the identifier type
  16         my_identifier fqdn "foo.kame.net";
  17
  18         lifetime time 1 min;
  19
  20         proposal {
  21                 encryption_algorithm blowfish;
  22                 hash_algorithm sha1;
  23                 #authentication_method pre_shared_key;
  24                 authentication_method gssapi_krb;
  25                 gssapi_id "ike/myidentification";
  26
  27                 dh_group 1;
  28         }
  29 }
  30
  31 sainfo anonymous {
  32         my_identifier fqdn "foo.kame.net";
  33
  34         lifetime time 30 min;
  35
  36         encryption_algorithm blowfish 448;
  37         authentication_algorithm hmac_sha1;
  38         compression_algorithm deflate;
  39 }