<?xml version="1.0"?>
-<Opengate ConfigVersion="1.4.7">
+<Opengate ConfigVersion="1.4.11">
<!-- #################################################
# ####### NEED TO MODIFY FOLLOWING PARAMETERS ##### -->
- <!-- opengate gateway server hostname(FQDN or IP address) -->
+ <!-- #########################################################
+ ## Opengate gateway server hostname(FQDN or IP address)## -->
<OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>
- <!-- Authentication server -->
- <!-- The AuthServer format is documented at the end of this file -->
+ <!-- ############################################
+ ## Authentication server ##
+ ## REFER document at the end of this file ## -->
<AuthServer>
<Address>192.168.0.2</Address>
<!-- ###################################################
# if you want to switch parameters with userID or extraID
# (entered by user as [userID@extraID] in auth page),
-# see the information of ExtraSet at the end of this file.
+# REFER the information of ExtraSet at the end of this file.
# ################################################### -->
+ <!-- Debug dump level -->
<!-- Set 0 to write only open/close and error messages to syslog -->
<!-- Set 1 to write some information adding to 0 -->
<!-- Set 2 to write many information to syslog -->
<!-- If no connection with java/http, network is closed after this. -->
<Duration>
<Default>1200</Default>
- <Max>10800</Max>
+ <Max>3600</Max>
</Duration>
<!-- Client Live Check (seconds) -->
<!-- In JAVA connection, send HELLO and get reply. -->
<!-- In HTTP connection, existance of HELLO request. -->
<!-- In no connection, check mac address mismatch and no packet. -->
- <ActiveCheck>
- <Interval>600</Interval>
- <NoPacketInterval>5400</NoPacketInterval>
- </ActiveCheck>
+ <ActiveCheckInterval>100</ActiveCheckInterval>
+
+ <!-- Close when no packet is passed between the interval -->
+ <NoPacketInterval>5400</NoPacketInterval>
<!-- Watch client with Http Keep-Alive -->
<HttpWatch>
- <!-- HTTP 'HELLO' request interval(sec) to Keep-Alive -->
- <!-- must be smaller than keep-alive time of browsers -->
- <HelloInterval>50</HelloInterval>
-
<!-- HTTP_USER_AGENT ignoring http watch mode -->
<!-- defined by "POSIX Extended Regular Expression" -->
- <SkipAgentPattern>Safari/4</SkipAgentPattern>
+ <SkipAgentPattern>^$</SkipAgentPattern>
</HttpWatch>
<!-- Watch client with Java Applet -->
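Review bot: `<NoPacketInterval>5400</NoPacketInterval>` is now larger than the new `<Max>3600</Max>` under `<Duration>`, so for sessions bounded by Duration (the "no connection with java/http" case in the comments) the no-packet close can never fire before the session expires. If the idle check is meant to release the firewall opening of a client that has left the network, consider a value below `<Default>1200</Default>`, or document the limitation next to the setting, e.g. `<!-- For sessions without java/http watch, set this below Duration or it never triggers -->`. The interaction between Duration and NoPacketInterval is inferred from the comments in this file, not from the daemon code, so please confirm it.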
<Min>30000</Min>
<Max>60000</Max>
</ListenPort>
+
+ <!-- communication reply timeout(second) -->
+ <CommWaitTimeout>10</CommWaitTimeout>
+
+ <!-- Java connection timeout(second) -->
+ <JavaWaitTimeout>600</JavaWaitTimeout>
+
+ <!-- http reconnect timeout(second) -->
+ <ReconnectTimeout>10</ReconnectTimeout>
+
+ <!-- ipfw exclusive exec lock timeout (second) -->
+ <LockTimeout>10</LockTimeout>
+
+ <!-- max delay from fwd.cgi to auth.cgi (second) -->
+ <ForwardingDelay>300</ForwardingDelay>
+
<!-- Available HTML languages (first lang is used as default) -->
<HtmlLangs>en ja</HtmlLangs>
<!-- Java Script (in opengate dir) -->
<HttpKeepJS>httpkeep.js</HttpKeepJS>
+ <Md5JS>md5.js</Md5JS>
<!-- URL used to retry -->
<ExternalUrl>http://www.google.com/</ExternalUrl>
<!-- Separate char between userID and extraID [userID@extraID] -->
<UserIdSeparator>@</UserIdSeparator>
+ <!-- Config for exceptional users, See below -->
+<!--
+ <ExtraSet ExtraId="guest">
+ <AuthServer>
+ <Address>192.168.0.1</Address>
+ <Protocol>ftp</Protocol>
+ </AuthServer>
+ </ExtraSet>
+-->
+
+</Opengate>
+
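Review bot: The new commented-out `<ExtraSet ExtraId="guest">` sample uses `<Protocol>ftp</Protocol>`, and an FTP login presumably carries the userID and password unencrypted between the gateway and the auth server at 192.168.0.1. The documentation block further down makes the same swap from `pop3s` to `ftp` in its guest example. Administrators tend to copy these samples, so I would keep an encrypted protocol in both places, `<Protocol>pop3s</Protocol>`, or add a line such as `<!-- ftp sends the password in clear text; use only on a trusted segment -->`.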
<!-- ##########################################################
# #### ExtraSet overwritten on default settings ####
#
#
# Word "default" is set to extraID, when extraID is not entered.
# #######################################################
--->
-
-<!--
+#
# <ExtraSet ExtraId="guest">
# <AuthServer>
# <Address>192.168.0.1</Address>
-# <Protocol>pop3s</Protocol>
+# <Protocol>ftp</Protocol>
# </AuthServer>
# <Duration>
# <Default>1200</Default>
# <Max>1200</Max>
# </Duration>
# </ExtraSet>
--->
-<!--
+#
# <ExtraSet ExtraId="admin">
# <AuthServer>
# <Protocol>pam</Protocol>
# </AuthServer>
# </ExtraSet>
--->
-<!--
+#
# <ExtraSet ExtraId="default" UserIdPattern="^user1$|^user2$">
# <Syslog>
# <Enable>1</Enable>
# <Facility>local2</Facility>
# </Syslog>
# </ExtraSet>
--->
-</Opengate>
-
-
-
-<!-- ###################################################
+#
+#
+#
+# ###################################################
# ######Documentation about AuthServer setting ######
#
# ########### Format #############
# # Auth by RADIUS
# # If not define <ConfigFile>, "/etc/radius.conf" is used.
#
-# #### TYPE 4 (ACCEPT or DENY) ####
+# #### TYPE 4 (LDAP) ####
+# <AuthServer>
+# <Protocol>ldap</Protocol>
+# <Uri>-uri-of-ldap-server-</Uri>
+# <BaseDN>-ldap_base_dn_to_search-</BaseDN>
+# </AuthServer>
+# # Auth by LDAP/LDAPS
+# # Uri examples
+# # 'ldap://foo.bar.com' for NonSSL
+# # 'ldaps://foo.bar.com' for SSL
+# # 'ldaps://foo.bar.com:1234' to use specific port
+#
+# #### TYPE 5 (ACCEPT or DENY) ####
# <AuthServer>
# <Protocol>{accept|deny}</Protocol>
# </AuthServer>
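Review bot: The TYPE 4 (LDAP) text lists `'ldap://foo.bar.com' for NonSSL` as an equal choice without saying what is lost; assuming the gateway binds with the user's password, an `ldap://` Uri sends that password unencrypted. I would add a line under the Uri examples such as `# # Prefer ldaps://; ldap:// sends the password without encryption`. The text also does not say whether the server certificate is verified for `ldaps://`, or which attribute under `<BaseDN>` is matched against the userID; both deserve a sentence if the implementation defines them. Renumbering ACCEPT/DENY from TYPE 4 to TYPE 5 may leave stale references in other documentation, which this diff does not show.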
# <AuthServer>
# <Address>pop.saga-u.ac.jp</Address>
# <Protocol>pop3s</Protocol>
-# <Port>10000</Port>
+# </AuthServer>
+#
+# <AuthServer>
+# <Protocol>ldap</Protocol>
+# <Uri>ldaps://ldap.saga-u.ac.jp</Uri>
+# <BaseDN>ou=people,dc=saga-u,dc=ac,dc=jp</BaseDN>
# </AuthServer>
#
# <AuthServer>