1# $KAME: racoon.conf.sample-gssapi,v 1.5 2001/08/16 06:33:40 itojun Exp $ 2 3# sample configuration for GSSAPI authentication (basically, kerberos). 4# doc/README.gssapi gives some idea on how to configure it. 5# TODO: more documentation. 6 7#listen { 8# strict_address; 9#} 10 11remote anonymous { 12 exchange_mode main; 13 #exchange_mode aggressive; 14 15 # specify the identifier type 16 my_identifier fqdn "foo.kame.net"; 17 18 lifetime time 1 min; 19 20 proposal { 21 encryption_algorithm blowfish; 22 hash_algorithm sha1; 23 #authentication_method pre_shared_key; 24 authentication_method gssapi_krb; 25 gssapi_id "ike/myidentification"; 26 27 dh_group 1; 28 } 29} 30 31sainfo anonymous { 32 my_identifier fqdn "foo.kame.net"; 33 34 lifetime time 30 min; 35 36 encryption_algorithm blowfish 448; 37 authentication_algorithm hmac_sha1; 38 compression_algorithm deflate; 39} 40