-<?xml version="1.0"?>\r
-<Opengate version="1.4">\r
-\r
-<!-- ################################################# \r
-# ####### NEED TO MODIFY FOLLOWING PARAMETERS ##### -->\r
-\r
- <!-- opengate gateway server hostname(FQDN or IP address) -->\r
-\r
- <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>\r
-\r
- <!-- Authentication server -->\r
- <!-- The AuthServer format is documented at the end of this file -->\r
-\r
- <AuthServer>\r
- <Address>192.168.0.2</Address>\r
- <Protocol>pop3s</Protocol>\r
- </AuthServer>\r
-\r
-<!-- ########################################################## \r
-# #### usually, need not to modify following parameters #### -->\r
-\r
-<!-- ###################################################\r
-# if you want to switch parameters with userID or extraID\r
-# (entered by user as [userID@extraID] in auth page),\r
-# see the information of ExtraSet at the end of this file.\r
-# ################################################### --> \r
-\r
- <!-- Set 1 to write many information to syslog -->\r
- <!-- Set 0 to write only open/close and error messages to syslog -->\r
- <Debug>0</Debug>\r
-\r
- <!-- client usage watch mode in default('Java', 'Http', or 'Time') -->\r
- <WatchMode>Java</WatchMode>\r
- \r
- <!-- Syslog (local0, local1, .., local7)-->\r
- <Syslog>\r
- <Enable>1</Enable>\r
- <Facility>local1</Facility>\r
- </Syslog>\r
-\r
- <!-- Allowable duration for users to use network(seconds) -->\r
- <!-- If no connection with java/http, network is closed after this. -->\r
- <Duration>\r
- <Default>1200</Default>\r
- <Max>10800</Max>\r
- </Duration>\r
- \r
- <!-- Client Live Check (seconds) -->\r
- <!-- In JAVA connection, send HELLO and get reply. -->\r
- <!-- In HTTP connection, existance of HELLO request. -->\r
- <!-- In no connection, check mac address mismatch and no packet. -->\r
- <ActiveCheck>\r
- <Interval>600</Interval>\r
- <NoPacketInterval>5400</NoPacketInterval>\r
- </ActiveCheck>\r
-\r
- <!-- HTTP 'HELLO' request interval(ms) to Keep-Alive -->\r
- <!-- this must be smaller than the keep-alive time of browsers -->\r
- <HttpHelloInterval>50000</HttpHelloInterval>\r
-\r
- <!-- IPFW rule number range used by opengate -->\r
- <IpfwRule>\r
- <Min>10000</Min>\r
- <Max>40000</Max>\r
- <Interval>2</Interval>\r
- </IpfwRule>\r
-\r
- <!-- IP6FW rule number range used by opengate -->\r
- <Ip6fwRule>\r
- <Min>10000</Min>\r
- <Max>40000</Max>\r
- <Interval>2</Interval>\r
- </Ip6fwRule>\r
- \r
- <!-- Port number range used by opengate -->\r
- <ListenPort>\r
- <Min>30000</Min>\r
- <Max>60000</Max>\r
- </ListenPort>\r
- \r
- <!-- Available HTML languages (first lang is used as default) -->\r
- <HtmlLangs>en ja</HtmlLangs>\r
-\r
- <!-- Path to Apache Contents -->\r
- <DocumentRoot>/usr/local/www/data</DocumentRoot>\r
- <CgiDir>/cgi-bin</CgiDir>\r
- <OpengateDir>/opengate</OpengateDir>\r
-\r
- <!-- HTML Documents -->\r
- <DenyDoc>deny.html</DenyDoc>\r
- <DenyDocSsl>deny-ssl.html</DenyDocSsl>\r
- <AcceptDocHttp>accept-http.html</AcceptDocHttp>\r
- <AcceptDocJava>accept-java.html</AcceptDocJava>\r
- <AcceptDocTime>accept-time.html</AcceptDocTime>\r
- <AcceptDoc2>accept2.html</AcceptDoc2>\r
- <AuthDoc>index.html</AuthDoc>\r
- <AuthDocSsl>index-ssl.html</AuthDocSsl>\r
- <FwdDoc>topindex.html</FwdDoc>\r
- <RetryDoc>retry.html</RetryDoc>\r
- <HttpKeepDoc>httpkeep.html</HttpKeepDoc>\r
-\r
- <!-- CGI programs -->\r
- <AuthCgi>opengateauth.cgi</AuthCgi>\r
- <FwdCgi>opengatefwd.cgi</FwdCgi>\r
- <MainCgi>opengatesrv.cgi</MainCgi>\r
-\r
- <!-- URL used to retry -->\r
- <ExternalUrl>http://www.google.com/</ExternalUrl>\r
-\r
- <!-- Url to start browsing after authentication -->\r
- <!-- if type=0, use acceptdoc2. if type=1, use below url -->\r
- <StartPage>\r
- <Type>0</Type>\r
- <Url>http://www.yahoo.com/</Url>\r
- </StartPage>\r
-\r
- <!-- Related command path -->\r
- <ArpPath>/usr/sbin/arp</ArpPath>\r
- <NdpPath>/usr/sbin/ndp</NdpPath>\r
- <IpfwPath>/sbin/ipfw</IpfwPath>\r
- <Ip6fwPath>/sbin/ip6fw</Ip6fwPath>\r
- <PsPath>/bin/ps</PsPath>\r
-\r
- <!-- Ipfw is opened via perl script(1) or direct from C(0) -->\r
- <IpfwScript>\r
- <Enable>0</Enable>\r
- <Path>/etc/opengate/ipfwctrl.pl</Path>\r
- </IpfwScript>\r
-\r
- <!-- Ip6fw is opened via perl script(1) or direct from C(0) -->\r
- <Ip6fwScript>\r
- <Enable>0</Enable>\r
- <Path>/etc/opengate/ipfwctrl.pl</Path>\r
- </Ip6fwScript>\r
-\r
- <!-- Lock file for exclusive exec to prevent overlapped rule number -->\r
- <LockFile>/tmp/opengate.lock</LockFile>\r
-\r
- <!-- Separate char between userID and extraID [userID@extraID] -->\r
- <UserIdSeparator>@</UserIdSeparator>\r
-\r
-<!-- ########################################################## \r
-# #### ExtraSet overwritten on default settings ####\r
-#\r
-# If you want to switch parameter values\r
-# by userID and extraID entered as [userID@extraID],\r
-# set following. \r
-#\r
-# If entered as [userID], above default parameters are used.\r
-# If entered as [iserID@extraID] and matched set exists,\r
-# the paremeters in the set is overwriten on the above default.\r
-# The first matched extra set is used.\r
-# \r
-# Examples:\r
-# First ExtraSet is used when user entered as [anyuser@guest],\r
-# where "anyuser" is every userID.\r
-# Second ExtraSet is used when [anyuser@admin].\r
-# Third ExtraSet is used when [user1] or [user2].\r
-# \r
-# UserIdPattern is the "POSIX Extended Regular Expression".\r
-# Matching is insensitive to upper/lower case.\r
-#\r
-# Word "default" is set to extraID, when extraID is not entered.\r
-# ####################################################### \r
--->\r
-\r
-<!--\r
-# <ExtraSet ExtraId="guest">\r
-# <AuthServer>\r
-# <Address>192.168.0.1</Address>\r
-# <Protocol>pop3s</Protocol>\r
-# </AuthServer>\r
-# <Duration>\r
-# <Default>1200</Default>\r
-# <Max>1200</Max>\r
-# </Duration>\r
-# </ExtraSet>\r
--->\r
-<!--\r
-# <ExtraSet ExtraId="admin">\r
-# <AuthServer>\r
-# <Protocol>pam</Protocol>\r
-# </AuthServer>\r
-# </ExtraSet>\r
--->\r
-<!--\r
-# <ExtraSet ExtraId="default" UserIdPattern="^user1$|^user2$"> \r
-# <Syslog>\r
-# <Enable>1</Enable>\r
-# <Facility>local2</Facility>\r
-# </Syslog>\r
-# </ExtraSet>\r
--->\r
-</Opengate> \r
-\r
-\r
-\r
-<!-- ###################################################\r
-# ######Documentation about AuthServer setting ######\r
-# \r
-# ########### Format ############# \r
-# where {a|b}: a or b , [ x ]: x is optional, -x-: x is value\r
-# \r
-# #### TYPE 1 (POP or FTP) ####\r
-# <AuthServer>\r
-# <Protocol>{pop3|pop3s|ftp|ftpse|ftpsi}</Protocol>\r
-# <Address>{-hostname-|-ip_address-}</Address>\r
-# [ <Port>-portno-</Port> ]\r
-# </AuthServer>\r
-# # AuthOK, if request by <Protocol> is accepted by <Address>.\r
-# # Address is FQDN or IP address \r
-# # If <Port> is not defined, port number in /etc/services is used.\r
-# # pop3s is SSLed pop3\r
-# # ftpse is SSLed ftp run in Explicit mode. \r
-# # ftpsi is SSLed ftp run in Implicit mode.\r
-#\r
-# #### TYPE 2 (PAM) ####\r
-# <AuthServer>\r
-# <Protocol>pam</Protocol>\r
-# [ <ServiceName>-servicename_in_pam_conf-</ServiceName> ]\r
-# </AuthServer>\r
-# # Auth by PAM\r
-# # If not define <ServiceName>, "opengate" is used in "pam.conf".\r
-#\r
-# #### TYPE 3 (RADIUS) ####\r
-# <AuthServer>\r
-# <Protocol>radius</Protocol>\r
-# [ <ConfFile>-path_to_radius_conf-</ConfFile> ]\r
-# </AuthServer>\r
-# # Auth by RADIUS\r
-# # If not define <ConfigFile>, "/etc/radius.conf" is used.\r
-# \r
-# #### TYPE 4 (ACCEPT or DENY) ####\r
-# <AuthServer>\r
-# <Protocol>{accept|deny}</Protocol>\r
-# </AuthServer>\r
-# # The user is accepted or denied without inquiry.\r
-# # This setting is prepared for debugging.\r
-# \r
-# ############# Examples ##############\r
-# <AuthServer>\r
-# <Address>pop.saga-u.ac.jp</Address>\r
-# <Protocol>pop3s</Protocol>\r
-# <Port>10000</Port>\r
-# </AuthServer>\r
-#\r
-# <AuthServer>\r
-# <Address>192.168.0.1</Address>\r
-# <Protocol>ftpsi</Protocol>\r
-# </AuthServer>\r
-#\r
-# <AuthServer>\r
-# <Protocol>radius</Protocol>\r
-# </AuthServer>\r
-#\r
-# <AuthServer>\r
-# <Protocol>pam</Protocol>\r
-# </AuthServer>\r
-# ###################################### \r
--->\r
+<?xml version="1.0"?>
+<Opengate ConfigVersion="1.4.11">
+
+<!-- #################################################
+# ####### NEED TO MODIFY FOLLOWING PARAMETERS ##### -->
+
+ <!-- #########################################################
+ ## Opengate gateway server hostname(FQDN or IP address)## -->
+
+ <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>
+
+ <!-- ############################################
+ ## Authentication server ##
+ ## REFER document at the end of this file ## -->
+
+ <AuthServer>
+ <Address>192.168.0.2</Address>
+ <Protocol>pop3s</Protocol>
+ </AuthServer>
+
+<!-- ##########################################################
+# #### usually, need not to modify following parameters #### -->
+
+<!-- ###################################################
+# if you want to switch parameters with userID or extraID
+# (entered by user as [userID@extraID] in auth page),
+# REFER the information of ExtraSet at the end of this file.
+# ################################################### -->
+
+ <!-- Debug dump level -->
+ <!-- Set 0 to write only open/close and error messages to syslog -->
+ <!-- Set 1 to write some information adding to 0 -->
+ <!-- Set 2 to write many information to syslog -->
+ <Debug>1</Debug>
+
+ <!-- client usage watch mode in default('Java', 'Http', or 'Time') -->
+ <WatchMode>Http</WatchMode>
+
+ <!-- Syslog (local0, local1, .., local7)-->
+ <Syslog>
+ <Enable>1</Enable>
+ <Facility>local1</Facility>
+ </Syslog>
+
+ <!-- Allowable duration for users to use network(seconds) -->
+ <!-- If no connection with java/http, network is closed after this. -->
+ <Duration>
+ <Default>1200</Default>
+ <Max>3600</Max>
+ </Duration>
+
+ <!-- Client Live Check (seconds) -->
+ <!-- In JAVA connection, send HELLO and get reply. -->
+ <!-- In HTTP connection, existance of HELLO request. -->
+ <!-- In no connection, check mac address mismatch and no packet. -->
+ <ActiveCheckInterval>100</ActiveCheckInterval>
+
+ <!-- Close when no packet is passed between the interval -->
+ <NoPacketInterval>5400</NoPacketInterval>
+
+ <!-- Watch client with Http Keep-Alive -->
+ <HttpWatch>
+ <!-- HTTP_USER_AGENT ignoring http watch mode -->
+ <!-- defined by "POSIX Extended Regular Expression" -->
+ <SkipAgentPattern>^$</SkipAgentPattern>
+ </HttpWatch>
+
+ <!-- Watch client with Java Applet -->
+ <JavaWatch>
+ <!-- HTTP_USER_AGENT ignoring java watch mode -->
+ <!-- defined by "POSIX Extended Regular Expression" -->
+ <SkipAgentPattern>^$</SkipAgentPattern>
+ </JavaWatch>
+
+ <!-- IPFW rule number range used by opengate -->
+ <IpfwRule>
+ <Min>10000</Min>
+ <Max>40000</Max>
+ <Interval>2</Interval>
+ </IpfwRule>
+
+ <!-- IP6FW rule number range used by opengate -->
+ <Ip6fwRule>
+ <Min>10000</Min>
+ <Max>40000</Max>
+ <Interval>2</Interval>
+ </Ip6fwRule>
+
+ <!-- Port number range used by opengate -->
+ <ListenPort>
+ <Min>30000</Min>
+ <Max>60000</Max>
+ </ListenPort>
+
+ <!-- communication reply timeout(second) -->
+ <CommWaitTimeout>10</CommWaitTimeout>
+
+ <!-- Java connection timeout(second) -->
+ <JavaWaitTimeout>600</JavaWaitTimeout>
+
+ <!-- http reconnect timeout(second) -->
+ <ReconnectTimeout>10</ReconnectTimeout>
+
+ <!-- ipfw exclusive exec lock timeout (second) -->
+ <LockTimeout>10</LockTimeout>
+
+ <!-- max delay from fwd.cgi to auth.cgi (second) -->
+ <ForwardingDelay>300</ForwardingDelay>
+
+
+ <!-- Available HTML languages (first lang is used as default) -->
+ <HtmlLangs>en ja</HtmlLangs>
+
+ <!-- Path to Apache Contents -->
+ <DocumentRoot>/usr/local/www/data</DocumentRoot>
+ <CgiDir>/cgi-bin</CgiDir>
+ <OpengateDir>/opengate</OpengateDir>
+
+ <!-- HTML Documents (in each language dir)-->
+ <DenyDoc>deny.html</DenyDoc>
+ <DenyDocSsl>deny-ssl.html</DenyDocSsl>
+ <AcceptDocHttp>accept-http.html</AcceptDocHttp>
+ <AcceptDocJava>accept-java.html</AcceptDocJava>
+ <AcceptDocTime>accept-time.html</AcceptDocTime>
+ <AcceptDoc2>accept2.html</AcceptDoc2>
+ <AuthDoc>index.html</AuthDoc>
+ <AuthDocSsl>index-ssl.html</AuthDocSsl>
+ <FwdDoc>topindex.html</FwdDoc>
+ <RetryDoc>retry.html</RetryDoc>
+ <HttpKeepDoc>httpkeep.html</HttpKeepDoc>
+
+ <!-- CGI programs -->
+ <AuthCgi>opengateauth.cgi</AuthCgi>
+ <FwdCgi>opengatefwd.cgi</FwdCgi>
+ <MainCgi>opengatesrv.cgi</MainCgi>
+
+ <!-- Java Script (in opengate dir) -->
+ <HttpKeepJS>httpkeep.js</HttpKeepJS>
+ <Md5JS>md5.js</Md5JS>
+
+ <!-- URL used to retry -->
+ <ExternalUrl>http://www.google.com/</ExternalUrl>
+
+ <!-- Url to start browsing after authentication -->
+ <!-- if type=0, use acceptdoc2. if type=1, use below url -->
+ <StartPage>
+ <Type>0</Type>
+ <Url>http://www.yahoo.com/</Url>
+ </StartPage>
+
+ <!-- Related command path -->
+ <ArpPath>/usr/sbin/arp</ArpPath>
+ <NdpPath>/usr/sbin/ndp</NdpPath>
+ <IpfwPath>/sbin/ipfw</IpfwPath>
+ <Ip6fwPath>/sbin/ip6fw</Ip6fwPath>
+ <PsPath>/bin/ps</PsPath>
+
+ <!-- Ipfw is opened via perl script(1) or direct from C(0) -->
+ <IpfwScript>
+ <Enable>0</Enable>
+ <Path>/etc/opengate/ipfwctrl.pl</Path>
+ </IpfwScript>
+
+ <!-- Ip6fw is opened via perl script(1) or direct from C(0) -->
+ <Ip6fwScript>
+ <Enable>0</Enable>
+ <Path>/etc/opengate/ipfwctrl.pl</Path>
+ </Ip6fwScript>
+
+ <!-- Lock file for exclusive exec to prevent overlapped rule number -->
+ <LockFile>/tmp/opengate.lock</LockFile>
+
+ <!-- Separate char between userID and extraID [userID@extraID] -->
+ <UserIdSeparator>@</UserIdSeparator>
+
+ <!-- Config for exceptional users, See below -->
+<!--
+ <ExtraSet ExtraId="guest">
+ <AuthServer>
+ <Address>192.168.0.1</Address>
+ <Protocol>ftp</Protocol>
+ </AuthServer>
+ </ExtraSet>
+-->
+
+</Opengate>
+
+<!-- ##########################################################
+# #### ExtraSet overwritten on default settings ####
+#
+# If you want to switch parameter values
+# by userID and extraID entered as [userID@extraID],
+# set following.
+#
+# If entered as [userID], above default parameters are used.
+# If entered as [iserID@extraID] and matched set exists,
+# the paremeters in the set is overwriten on the above default.
+# The first matched extra set is used.
+#
+# Examples:
+# First ExtraSet is used when user entered as [anyuser@guest],
+# where "anyuser" is every userID.
+# Second ExtraSet is used when [anyuser@admin].
+# Third ExtraSet is used when [user1] or [user2].
+#
+# UserIdPattern is the "POSIX Extended Regular Expression".
+# Matching is insensitive to upper/lower case.
+#
+# Word "default" is set to extraID, when extraID is not entered.
+# #######################################################
+#
+# <ExtraSet ExtraId="guest">
+# <AuthServer>
+# <Address>192.168.0.1</Address>
+# <Protocol>ftp</Protocol>
+# </AuthServer>
+# <Duration>
+# <Default>1200</Default>
+# <Max>1200</Max>
+# </Duration>
+# </ExtraSet>
+#
+# <ExtraSet ExtraId="admin">
+# <AuthServer>
+# <Protocol>pam</Protocol>
+# </AuthServer>
+# </ExtraSet>
+#
+# <ExtraSet ExtraId="default" UserIdPattern="^user1$|^user2$">
+# <Syslog>
+# <Enable>1</Enable>
+# <Facility>local2</Facility>
+# </Syslog>
+# </ExtraSet>
+#
+#
+#
+# ###################################################
+# ######Documentation about AuthServer setting ######
+#
+# ########### Format #############
+# where {a|b}: a or b , [ x ]: x is optional, -x-: x is value
+#
+# #### TYPE 1 (POP or FTP) ####
+# <AuthServer>
+# <Protocol>{pop3|pop3s|ftp|ftpse|ftpsi}</Protocol>
+# <Address>{-hostname-|-ip_address-}</Address>
+# [ <Port>-portno-</Port> ]
+# </AuthServer>
+# # AuthOK, if request by <Protocol> is accepted by <Address>.
+# # Address is FQDN or IP address
+# # If <Port> is not defined, port number in /etc/services is used.
+# # pop3s is SSLed pop3
+# # ftpse is SSLed ftp run in Explicit mode.
+# # ftpsi is SSLed ftp run in Implicit mode.
+#
+# #### TYPE 2 (PAM) ####
+# <AuthServer>
+# <Protocol>pam</Protocol>
+# [ <ServiceName>-servicename_in_pam_conf-</ServiceName> ]
+# </AuthServer>
+# # Auth by PAM
+# # If not define <ServiceName>, "opengate" is used in "pam.conf".
+#
+# #### TYPE 3 (RADIUS) ####
+# <AuthServer>
+# <Protocol>radius</Protocol>
+# [ <ConfFile>-path_to_radius_conf-</ConfFile> ]
+# </AuthServer>
+# # Auth by RADIUS
+# # If not define <ConfigFile>, "/etc/radius.conf" is used.
+#
+# #### TYPE 4 (LDAP) ####
+# <AuthServer>
+# <Protocol>ldap</Protocol>
+# <Uri>-uri-of-ldap-server-</Uri>
+# <BaseDN>-ldap_base_dn_to_search-</BaseDN>
+# </AuthServer>
+# # Auth by LDAP/LDAPS
+# # Uri examples
+# # 'ldap://foo.bar.com' for NonSSL
+# # 'ldaps://foo.bar.com' for SSL
+# # 'ldaps://foo.bar.com:1234' to use specific port
+#
+# #### TYPE 5 (ACCEPT or DENY) ####
+# <AuthServer>
+# <Protocol>{accept|deny}</Protocol>
+# </AuthServer>
+# # The user is accepted or denied without inquiry.
+# # This setting is prepared for debugging.
+#
+# ############# Examples ##############
+# <AuthServer>
+# <Address>pop.saga-u.ac.jp</Address>
+# <Protocol>pop3s</Protocol>
+# </AuthServer>
+#
+# <AuthServer>
+# <Protocol>ldap</Protocol>
+# <Uri>ldaps://ldap.saga-u.ac.jp</Uri>
+# <BaseDN>ou=people,dc=saga-u,dc=ac,dc=jp</BaseDN>
+# </AuthServer>
+#
+# <AuthServer>
+# <Address>192.168.0.1</Address>
+# <Protocol>ftpsi</Protocol>
+# </AuthServer>
+#
+# <AuthServer>
+# <Protocol>radius</Protocol>
+# </AuthServer>
+#
+# <AuthServer>
+# <Protocol>pam</Protocol>
+# </AuthServer>
+# ######################################
+-->