Racoon ipsec configuration with GSSAPI/kerberos

T. M. Pederson tmp+rnpc at echo.disfinite.org
Tue May 26 06:55:44 EDT 2009


In article <mailman.125.1243323208.9729.kerberos at mit.edu>,
	Anandan <anandhm_psg at yahoo.com> writes:
[...]
> Thanks for the information. I think this case will work between two linux
> machines.
> Is it possible to configure racoon with kerberos between a linux machine and
> a windows machine??

According to the documentation it's certainly possible. I don't
have access to any MS-Windows machines to offer much in the way of tips.

I will note, however, that while Racoon is capable of two gssapi id
encodings, MS-Windows can only handle one. Racoon is supposed to
default to using the same one that MS-Windows does, but if for some
reason it doesn't, explicitly set it in the general section of your
racoon.conf:
    gss_id_enc utf-16le;
-- 
T. M. Pederson <tmp+rnpc at disfinite.org>
GPG key fingerprint = FFAF D056 F12B E03F 7084  1288 EF8B E1FE 1693 21EB
+Accept: text/plain; charset=ISO-8859-*,UTF-*
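
Added example, not part of the original post and not racoon's own code: a check that reads the top-level gss_id_enc setting from a racoon.conf and shows how the same identifier differs in bytes under the two encodings. The sample configuration and the identifier are constructed, and the value name latin1 for the second encoding is taken from racoon.conf(5), not from the post.

```python
import re

# Constructed sample racoon.conf, not taken from the original post.
SAMPLE_CONF = """\
# global (top-level) parameters
gss_id_enc latin1;   # legacy encoding from older racoon installs

remote anonymous {
    proposal {
        authentication_method gssapi_krb;
    }
}
"""

WINDOWS_ENC = "utf-16le"   # the encoding the post says to set explicitly


def global_gss_id_enc(conf_text):
    """Return the last top-level gss_id_enc value, or None if it is not set."""
    depth, value = 0, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]          # drop comments
        if depth == 0:                       # only the global scope counts
            m = re.search(r"\bgss_id_enc\s+([\w-]+)\s*;", line)
            if m:
                value = m.group(1).lower()
        depth += line.count("{") - line.count("}")
    return value


def check(conf_text):
    """Return (ok, message) for interop with a Windows peer."""
    enc = global_gss_id_enc(conf_text)
    if enc is None:
        return True, "gss_id_enc not set; relying on racoon's default"
    if enc == WINDOWS_ENC:
        return True, "gss_id_enc explicitly set to utf-16le"
    return False, f"gss_id_enc is {enc}; set 'gss_id_enc utf-16le;'"


def encoded_id(name, enc):
    """Bytes of a GSS identifier string under the given racoon encoding name."""
    return name.encode({"utf-16le": "utf-16-le", "latin1": "latin-1"}[enc])


if __name__ == "__main__":
    print(check(SAMPLE_CONF))
    for enc in ("latin1", "utf-16le"):
        print(enc, encoded_id("host/gw.example.com", enc).hex())
```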