-<?xml version="1.0"?>\r
-<Opengate>\r
-\r
-<!-- ################################################# \r
- ####### NEED TO MODIFY FOLLOWING PARAMETERS ##### -->\r
-\r
- <!-- opengate gateway server hostname(FQDN or IP address) -->\r
-\r
- <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>\r
-\r
- <!-- Authentication server -->\r
- <!-- The AuthServer format is documented at the bottom of this file -->\r
-\r
- <AuthServer>\r
- <Address>192.168.0.2</Address>\r
- <Protocol>pop3s</Protocol>\r
- </AuthServer>\r
-\r
-<!-- ###################################################\r
- if you want to switch parameters with userID or extraID\r
- (which is entered by user as [userID@extraID]),\r
- see the information in ExtraSet below\r
- ################################################### --> \r
-\r
-<!-- #### usually, need not to modify following parameters #### -->\r
-\r
- <!-- Set 1 to write many information to syslog -->\r
- <!-- Set 0 to write only error message to syslog -->\r
- <Debug>0</Debug>\r
-\r
- <!-- Syslog -->\r
- <Syslog>\r
- <Enable>1</Enable>\r
- <Facility>local1</Facility>\r
- </Syslog>\r
- \r
- <!-- Available HTML languages (first lang is used as default) -->\r
- <HtmlLangs>en ja</HtmlLangs>\r
-\r
- <!-- Path to Apache Contents -->\r
- <DocumentRoot>/usr/local/www/data</DocumentRoot>\r
- <CgiDir>/cgi-bin</CgiDir>\r
- <OpengateDir>/opengate</OpengateDir>\r
-\r
- <!-- HTML Documents -->\r
- <DenyDoc>deny.html</DenyDoc>\r
- <DenyDocSsl>deny-ssl.html</DenyDocSsl>\r
- <AcceptDoc>accept.html</AcceptDoc>\r
- <AcceptDoc2>accept2.html</AcceptDoc2>\r
- <AuthDoc>index.html</AuthDoc>\r
- <AuthDocSsl>index-ssl.html</AuthDocSsl>\r
- <FwdDoc>topindex.html</FwdDoc>\r
- <RetryDoc>retry.html</RetryDoc>\r
-\r
- <!-- CGI programs -->\r
- <AuthCgi>opengateauth.cgi</AuthCgi>\r
- <FwdCgi>opengatefwd.cgi</FwdCgi>\r
- <MainCgi>opengatesrv.cgi</MainCgi>\r
-\r
- <!-- URL used to retry -->\r
- <ExternalUrl>http://www.google.com/</ExternalUrl>\r
-\r
- <!-- Url to start browsing after authentication -->\r
- <!-- if type=0, use acceptdoc2. if type=1, use below url -->\r
- <StartPage>\r
- <Type>0</Type>\r
- <Url>http://www.yahoo.com/</Url>\r
- </StartPage>\r
-\r
- <!-- Related command path -->\r
- <ArpPath>/usr/sbin/arp</ArpPath>\r
- <NdpPath>/usr/sbin/ndp</NdpPath>\r
- <IpfwPath>/sbin/ipfw</IpfwPath>\r
- <Ip6fwPath>/sbin/ip6fw</Ip6fwPath>\r
- <PsPath>/bin/ps</PsPath>\r
-\r
- <!-- Ipfw is opened via perl script(1) or direct from C(0) -->\r
- <IpfwScript>\r
- <Enable>0</Enable>\r
- <Path>/etc/opengate/ipfwctrl.pl</Path>\r
- </IpfwScript>\r
-\r
- <!-- Ip6fw is opened via perl script(1) or direct from C(0) -->\r
- <Ip6fwScript>\r
- <Enable>0</Enable>\r
- <Path>/etc/opengate/ipfwctrl.pl</Path>\r
- </Ip6fwScript>\r
-\r
- <!-- Allowable duration for users to use network(seconds) -->\r
- <Duration>\r
- <Default>1200</Default>\r
- <Max>10800</Max>\r
- </Duration>\r
- \r
- <!-- Live Check by sending 'HELLO' and counting packet (seconds) -->\r
- <ActiveCheck>\r
- <Interval>600</Interval>\r
- <NoReplyMaxCount>3</NoReplyMaxCount>\r
- <NoPacketInterval>5400</NoPacketInterval>\r
- </ActiveCheck>\r
-\r
- <!-- IPFW rule range used by opengate -->\r
- <IpfwRule>\r
- <Min>10000</Min>\r
- <Max>40000</Max>\r
- <Interval>2</Interval>\r
- </IpfwRule>\r
-\r
- <!-- IP6FW rule range used by opengate -->\r
- <Ip6fwRule>\r
- <Min>10000</Min>\r
- <Max>40000</Max>\r
- <Interval>2</Interval>\r
- </Ip6fwRule>\r
- \r
- <!-- Port range used by opengate -->\r
- <ListenPort>\r
- <Min>30000</Min>\r
- <Max>60000</Max>\r
- </ListenPort>\r
- \r
- <!-- Lock file for exclusive exec to prevent overlapped rule number -->\r
- <LockFile>/tmp/opengate.lock</LockFile>\r
-\r
- <!-- Separate char between userID and extraID [userID@extraID] -->\r
- <UserIdSeparator>@</UserIdSeparator>\r
-\r
-<!-- ########################################################## \r
- #### ExtraSet overwritten on default settings ####\r
-\r
- If you want to switch parameter values\r
- by userID and extraID entered as [userID@extraID],\r
- set following. \r
-\r
- If entered as [userID], above default parameters are used.\r
- If entered as [iserID@extraID] and matched set exists,\r
- the paremeters in the set is overwriten on the above default.\r
- The first matched extra set is used.\r
- \r
- Examples:\r
- First ExtraSet is used when user entered as [anyuser@guest],\r
- where "anyuser" is every userID.\r
- Second ExtraSet is used when [anyuser@admin].\r
- Third ExtraSet is used when [user1] or [user2].\r
- \r
- UserIdPattern is the "POSIX Extended Regular Expression".\r
- Matching is insensitive to upper/lower case.\r
-\r
- Word "default" is set to extraID, when extraID is not entered.\r
- ####################################################### -->\r
-\r
-<!--\r
- <ExtraSet ExtraId="guest">\r
- <AuthServer>\r
- <Address>192.168.0.1</Address>\r
- <Protocol>pop3s</Protocol>\r
- </AuthServer>\r
- <Duration>\r
- <Default>1200</Default>\r
- <Max>1200</Max>\r
- </Duration>\r
- </ExtraSet>\r
--->\r
-<!--\r
- <ExtraSet ExtraId="admin">\r
- <AuthServer>\r
- <Protocol>pam</Protocol>\r
- </AuthServer>\r
- </ExtraSet>\r
--->\r
-<!--\r
- <ExtraSet ExtraId="default" UserIdPattern="^user1$|^user2$"> \r
- <Syslog>\r
- <Enable>1</Enable>\r
- <Facility>local2</Facility>\r
- </Syslog>\r
- </ExtraSet>\r
--->\r
-</Opengate> \r
-\r
-\r
-\r
-<!-- ###################################################\r
- ######Documentation about AuthServer setting ######\r
- \r
- ########### Format ############# \r
- where {a|b}: a or b , [ x ]: x is optional, -x-: x is value\r
- \r
- #### TYPE 1 (POP or FTP) ####\r
- <AuthServer>\r
- <Protocol>{pop3|pop3s|ftp|ftpse|ftpsi}</Protocol>\r
- <Address>{-hostname-|-ip_address-}</Address>\r
- [ <Port>-portno-</Port> ]\r
- </AuthServer>\r
- # AuthOK, if request by <Protocol> is accepted by <Address>.\r
- # Address is FQDN or IP address \r
- # If <Port> is not defined, port number in /etc/services is used.\r
- # pop3s is SSLed pop3\r
- # ftpse is SSLed ftp run in Explicit mode. \r
- # ftpsi is SSLed ftp run in Implicit mode.\r
-\r
- #### TYPE 2 (PAM) ####\r
- <AuthServer>\r
- <Protocol>pam</Protocol>\r
- [ <ServiceName>-servicename_in_pam_conf-</ServiceName> ]\r
- </AuthServer>\r
- # Auth by PAM\r
- # If not define <ServiceName>, "opengate" is used in "pam.conf".\r
-\r
- #### TYPE 3 (RADIUS) ####\r
- <AuthServer>\r
- <Protocol>radius</Protocol>\r
- [ <ConfFile>-path_to_radius_conf-</ConfFile> ]\r
- </AuthServer>\r
- # Auth by RADIUS\r
- # If not define <ConfigFile>, "/etc/radius.conf" is used.\r
- \r
- #### TYPE 4 (ACCEPT or DENY) ####\r
- <AuthServer>\r
- <Protocol>{accept|deny}</Protocol>\r
- </AuthServer>\r
- # The user is accepted or denied without inquiry.\r
- # This setting is prepared for debugging.\r
- \r
- ############# Examples ##############\r
- <AuthServer>\r
- <Address>pop.saga-u.ac.jp</Address>\r
- <Protocol>pop3s</Protocol>\r
- <Port>10000</Port>\r
- </AuthServer>\r
-\r
- <AuthServer>\r
- <Address>192.168.0.1</Address>\r
- <Protocol>ftpsi</Protocol>\r
- </AuthServer>\r
-\r
- <AuthServer>\r
- <Protocol>radius</Protocol>\r
- </AuthServer>\r
-\r
- <AuthServer>\r
- <Protocol>pam</Protocol>\r
- </AuthServer>\r
- ###################################### -->\r
+<?xml version="1.0"?>
+<Opengate ConfigVersion="1.4.11">
+
+<!-- #################################################
+# ####### NEED TO MODIFY FOLLOWING PARAMETERS ##### -->
+
+ <!-- #########################################################
+ ## Opengate gateway server hostname(FQDN or IP address)## -->
+
+ <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>
+
+ <!-- ############################################
+ ## Authentication server ##
+ ## REFER document at the end of this file ## -->
+
+ <AuthServer>
+ <Address>192.168.0.2</Address>
+ <Protocol>pop3s</Protocol>
+ </AuthServer>
+
+<!-- ##########################################################
+# #### usually, need not to modify following parameters #### -->
+
+<!-- ###################################################
+# if you want to switch parameters with userID or extraID
+# (entered by user as [userID@extraID] in auth page),
+# REFER the information of ExtraSet at the end of this file.
+# ################################################### -->
+
+ <!-- Debug dump level -->
+ <!-- Set 0 to write only open/close and error messages to syslog -->
+ <!-- Set 1 to write some information adding to 0 -->
+ <!-- Set 2 to write many information to syslog -->
+ <Debug>1</Debug>
+
+ <!-- client usage watch mode in default('Java', 'Http', or 'Time') -->
+ <WatchMode>Http</WatchMode>
+
+ <!-- Syslog (local0, local1, .., local7)-->
+ <Syslog>
+ <Enable>1</Enable>
+ <Facility>local1</Facility>
+ </Syslog>
+
+ <!-- Allowable duration for users to use network(seconds) -->
+ <!-- If no connection with java/http, network is closed after this. -->
+ <Duration>
+ <Default>1200</Default>
+ <Max>3600</Max>
+ </Duration>
+
+ <!-- Client Live Check (seconds) -->
+ <!-- In JAVA connection, send HELLO and get reply. -->
+ <!-- In HTTP connection, existance of HELLO request. -->
+ <!-- In no connection, check mac address mismatch and no packet. -->
+ <ActiveCheckInterval>100</ActiveCheckInterval>
+
+ <!-- Close when no packet is passed between the interval -->
+ <NoPacketInterval>5400</NoPacketInterval>
+
+ <!-- Watch client with Http Keep-Alive -->
+ <HttpWatch>
+ <!-- HTTP_USER_AGENT ignoring http watch mode -->
+ <!-- defined by "POSIX Extended Regular Expression" -->
+ <SkipAgentPattern>^$</SkipAgentPattern>
+ </HttpWatch>
+
+ <!-- Watch client with Java Applet -->
+ <JavaWatch>
+ <!-- HTTP_USER_AGENT ignoring java watch mode -->
+ <!-- defined by "POSIX Extended Regular Expression" -->
+ <SkipAgentPattern>^$</SkipAgentPattern>
+ </JavaWatch>
+
+ <!-- IPFW rule number range used by opengate -->
+ <IpfwRule>
+ <Min>10000</Min>
+ <Max>40000</Max>
+ <Interval>2</Interval>
+ </IpfwRule>
+
+ <!-- IP6FW rule number range used by opengate -->
+ <Ip6fwRule>
+ <Min>10000</Min>
+ <Max>40000</Max>
+ <Interval>2</Interval>
+ </Ip6fwRule>
+
+ <!-- Port number range used by opengate -->
+ <ListenPort>
+ <Min>30000</Min>
+ <Max>60000</Max>
+ </ListenPort>
+
+ <!-- communication reply timeout(second) -->
+ <CommWaitTimeout>10</CommWaitTimeout>
+
+ <!-- Java connection timeout(second) -->
+ <JavaWaitTimeout>600</JavaWaitTimeout>
+
+ <!-- http reconnect timeout(second) -->
+ <ReconnectTimeout>10</ReconnectTimeout>
+
+ <!-- ipfw exclusive exec lock timeout (second) -->
+ <LockTimeout>10</LockTimeout>
+
+ <!-- max delay from fwd.cgi to auth.cgi (second) -->
+ <ForwardingDelay>300</ForwardingDelay>
+
+
+ <!-- Available HTML languages (first lang is used as default) -->
+ <HtmlLangs>en ja</HtmlLangs>
+
+ <!-- Path to Apache Contents -->
+ <DocumentRoot>/usr/local/www/data</DocumentRoot>
+ <CgiDir>/cgi-bin</CgiDir>
+ <OpengateDir>/opengate</OpengateDir>
+
+ <!-- HTML Documents (in each language dir)-->
+ <DenyDoc>deny.html</DenyDoc>
+ <DenyDocSsl>deny-ssl.html</DenyDocSsl>
+ <AcceptDocHttp>accept-http.html</AcceptDocHttp>
+ <AcceptDocJava>accept-java.html</AcceptDocJava>
+ <AcceptDocTime>accept-time.html</AcceptDocTime>
+ <AcceptDoc2>accept2.html</AcceptDoc2>
+ <AuthDoc>index.html</AuthDoc>
+ <AuthDocSsl>index-ssl.html</AuthDocSsl>
+ <FwdDoc>topindex.html</FwdDoc>
+ <RetryDoc>retry.html</RetryDoc>
+ <HttpKeepDoc>httpkeep.html</HttpKeepDoc>
+
+ <!-- CGI programs -->
+ <AuthCgi>opengateauth.cgi</AuthCgi>
+ <FwdCgi>opengatefwd.cgi</FwdCgi>
+ <MainCgi>opengatesrv.cgi</MainCgi>
+
+ <!-- Java Script (in opengate dir) -->
+ <HttpKeepJS>httpkeep.js</HttpKeepJS>
+ <Md5JS>md5.js</Md5JS>
+
+ <!-- URL used to retry -->
+ <ExternalUrl>http://www.google.com/</ExternalUrl>
+
+ <!-- Url to start browsing after authentication -->
+ <!-- if type=0, use acceptdoc2. if type=1, use below url -->
+ <StartPage>
+ <Type>0</Type>
+ <Url>http://www.yahoo.com/</Url>
+ </StartPage>
+
+ <!-- Related command path -->
+ <ArpPath>/usr/sbin/arp</ArpPath>
+ <NdpPath>/usr/sbin/ndp</NdpPath>
+ <IpfwPath>/sbin/ipfw</IpfwPath>
+ <Ip6fwPath>/sbin/ip6fw</Ip6fwPath>
+ <PsPath>/bin/ps</PsPath>
+
+ <!-- Ipfw is opened via perl script(1) or direct from C(0) -->
+ <IpfwScript>
+ <Enable>0</Enable>
+ <Path>/etc/opengate/ipfwctrl.pl</Path>
+ </IpfwScript>
+
+ <!-- Ip6fw is opened via perl script(1) or direct from C(0) -->
+ <Ip6fwScript>
+ <Enable>0</Enable>
+ <Path>/etc/opengate/ipfwctrl.pl</Path>
+ </Ip6fwScript>
+
+ <!-- Lock file for exclusive exec to prevent overlapped rule number -->
+ <LockFile>/tmp/opengate.lock</LockFile>
+
+ <!-- Separate char between userID and extraID [userID@extraID] -->
+ <UserIdSeparator>@</UserIdSeparator>
+
+ <!-- Config for exceptional users, See below -->
+<!--
+ <ExtraSet ExtraId="guest">
+ <AuthServer>
+ <Address>192.168.0.1</Address>
+ <Protocol>ftp</Protocol>
+ </AuthServer>
+ </ExtraSet>
+-->
+
+</Opengate>
+
+<!-- ##########################################################
+# #### ExtraSet overwritten on default settings ####
+#
+# If you want to switch parameter values
+# by userID and extraID entered as [userID@extraID],
+# set following.
+#
+# If entered as [userID], above default parameters are used.
+# If entered as [iserID@extraID] and matched set exists,
+# the paremeters in the set is overwriten on the above default.
+# The first matched extra set is used.
+#
+# Examples:
+# First ExtraSet is used when user entered as [anyuser@guest],
+# where "anyuser" is every userID.
+# Second ExtraSet is used when [anyuser@admin].
+# Third ExtraSet is used when [user1] or [user2].
+#
+# UserIdPattern is the "POSIX Extended Regular Expression".
+# Matching is insensitive to upper/lower case.
+#
+# Word "default" is set to extraID, when extraID is not entered.
+# #######################################################
+#
+# <ExtraSet ExtraId="guest">
+# <AuthServer>
+# <Address>192.168.0.1</Address>
+# <Protocol>ftp</Protocol>
+# </AuthServer>
+# <Duration>
+# <Default>1200</Default>
+# <Max>1200</Max>
+# </Duration>
+# </ExtraSet>
+#
+# <ExtraSet ExtraId="admin">
+# <AuthServer>
+# <Protocol>pam</Protocol>
+# </AuthServer>
+# </ExtraSet>
+#
+# <ExtraSet ExtraId="default" UserIdPattern="^user1$|^user2$">
+# <Syslog>
+# <Enable>1</Enable>
+# <Facility>local2</Facility>
+# </Syslog>
+# </ExtraSet>
+#
+#
+#
+# ###################################################
+# ######Documentation about AuthServer setting ######
+#
+# ########### Format #############
+# where {a|b}: a or b , [ x ]: x is optional, -x-: x is value
+#
+# #### TYPE 1 (POP or FTP) ####
+# <AuthServer>
+# <Protocol>{pop3|pop3s|ftp|ftpse|ftpsi}</Protocol>
+# <Address>{-hostname-|-ip_address-}</Address>
+# [ <Port>-portno-</Port> ]
+# </AuthServer>
+# # AuthOK, if request by <Protocol> is accepted by <Address>.
+# # Address is FQDN or IP address
+# # If <Port> is not defined, port number in /etc/services is used.
+# # pop3s is SSLed pop3
+# # ftpse is SSLed ftp run in Explicit mode.
+# # ftpsi is SSLed ftp run in Implicit mode.
+#
+# #### TYPE 2 (PAM) ####
+# <AuthServer>
+# <Protocol>pam</Protocol>
+# [ <ServiceName>-servicename_in_pam_conf-</ServiceName> ]
+# </AuthServer>
+# # Auth by PAM
+# # If not define <ServiceName>, "opengate" is used in "pam.conf".
+#
+# #### TYPE 3 (RADIUS) ####
+# <AuthServer>
+# <Protocol>radius</Protocol>
+# [ <ConfFile>-path_to_radius_conf-</ConfFile> ]
+# </AuthServer>
+# # Auth by RADIUS
+# # If not define <ConfigFile>, "/etc/radius.conf" is used.
+#
+# #### TYPE 4 (LDAP) ####
+# <AuthServer>
+# <Protocol>ldap</Protocol>
+# <Uri>-uri-of-ldap-server-</Uri>
+# <BaseDN>-ldap_base_dn_to_search-</BaseDN>
+# </AuthServer>
+# # Auth by LDAP/LDAPS
+# # Uri examples
+# # 'ldap://foo.bar.com' for NonSSL
+# # 'ldaps://foo.bar.com' for SSL
+# # 'ldaps://foo.bar.com:1234' to use specific port
+#
+# #### TYPE 5 (ACCEPT or DENY) ####
+# <AuthServer>
+# <Protocol>{accept|deny}</Protocol>
+# </AuthServer>
+# # The user is accepted or denied without inquiry.
+# # This setting is prepared for debugging.
+#
+# ############# Examples ##############
+# <AuthServer>
+# <Address>pop.saga-u.ac.jp</Address>
+# <Protocol>pop3s</Protocol>
+# </AuthServer>
+#
+# <AuthServer>
+# <Protocol>ldap</Protocol>
+# <Uri>ldaps://ldap.saga-u.ac.jp</Uri>
+# <BaseDN>ou=people,dc=saga-u,dc=ac,dc=jp</BaseDN>
+# </AuthServer>
+#
+# <AuthServer>
+# <Address>192.168.0.1</Address>
+# <Protocol>ftpsi</Protocol>
+# </AuthServer>
+#
+# <AuthServer>
+# <Protocol>radius</Protocol>
+# </AuthServer>
+#
+# <AuthServer>
+# <Protocol>pam</Protocol>
+# </AuthServer>
+# ######################################
+-->