1 <?xml version="1.0"?>
\r
2 <Opengate version="1.4.5">
\r
4 <!-- #################################################
\r
5 # ####### NEED TO MODIFY FOLLOWING PARAMETERS ##### -->
\r
7 <!-- opengate gateway server hostname(FQDN or IP address) -->
\r
9 <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>
\r
11 <!-- Authentication server -->
\r
12 <!-- The AuthServer format is documented at the end of this file -->
\r
15 <Address>192.168.0.2</Address>
\r
16 <Protocol>pop3s</Protocol>
\r
19 <!-- ##########################################################
\r
20 # #### usually there is no need to modify the following parameters #### -->
\r
22 <!-- ###################################################
\r
23 # if you want to switch parameters with userID or extraID
\r
24 # (entered by user as [userID@extraID] in auth page),
\r
25 # see the information of ExtraSet at the end of this file.
\r
26 # ################################################### -->
\r
28 <!-- Set 0 to write only open/close and error messages to syslog -->
\r
29 <!-- Set 1 to write some additional information on top of level 0 -->
\r
30 <!-- Set 2 to write a large amount of information to syslog -->
\r
33 <!-- client usage watch mode in default('Java', 'Http', or 'Time') -->
\r
34 <WatchMode>Http</WatchMode>
\r
36 <!-- Syslog (local0, local1, .., local7)-->
\r
39 <Facility>local1</Facility>
\r
42 <!-- Allowable duration for users to use network(seconds) -->
\r
43 <!-- If no connection with java/http, network is closed after this. -->
\r
45 <Default>1200</Default>
\r
49 <!-- Client Live Check (seconds) -->
\r
50 <!-- In JAVA connection, send HELLO and get reply. -->
\r
51 <!-- In HTTP connection, check for the existence of a HELLO request. -->
\r
52 <!-- With no connection, check for a MAC address mismatch and for the absence of packets. -->
\r
54 <Interval>600</Interval>
\r
55 <NoPacketInterval>5400</NoPacketInterval>
\r
58 <!-- Watch client with Http Keep-Alive -->
\r
60 <!-- HTTP 'HELLO' request interval(sec) to Keep-Alive -->
\r
61 <!-- must be smaller than keep-alive time of browsers -->
\r
62 <HelloInterval>50</HelloInterval>
\r
64 <!-- HTTP_USER_AGENT ignoring http watch mode -->
\r
65 <!-- defined by "POSIX Extended Regular Expression" -->
\r
66 <SkipAgentPattern>Safari/4</SkipAgentPattern>
\r
69 <!-- Watch client with Java Applet -->
\r
71 <!-- HTTP_USER_AGENT ignoring java watch mode -->
\r
72 <!-- defined by "POSIX Extended Regular Expression" -->
\r
73 <SkipAgentPattern></SkipAgentPattern>
\r
76 <!-- IPFW rule number range used by opengate -->
\r
80 <Interval>2</Interval>
\r
83 <!-- IP6FW rule number range used by opengate -->
\r
87 <Interval>2</Interval>
\r
90 <!-- Port number range used by opengate -->
\r
96 <!-- Available HTML languages (first lang is used as default) -->
\r
97 <HtmlLangs>en ja</HtmlLangs>
\r
99 <!-- Path to Apache Contents -->
\r
100 <DocumentRoot>/usr/local/www/data</DocumentRoot>
\r
101 <CgiDir>/cgi-bin</CgiDir>
\r
102 <OpengateDir>/opengate</OpengateDir>
\r
104 <!-- HTML Documents (in each language dir)-->
\r
105 <DenyDoc>deny.html</DenyDoc>
\r
106 <DenyDocSsl>deny-ssl.html</DenyDocSsl>
\r
107 <AcceptDocHttp>accept-http.html</AcceptDocHttp>
\r
108 <AcceptDocJava>accept-java.html</AcceptDocJava>
\r
109 <AcceptDocTime>accept-time.html</AcceptDocTime>
\r
110 <AcceptDoc2>accept2.html</AcceptDoc2>
\r
111 <AuthDoc>index.html</AuthDoc>
\r
112 <AuthDocSsl>index-ssl.html</AuthDocSsl>
\r
113 <FwdDoc>topindex.html</FwdDoc>
\r
114 <RetryDoc>retry.html</RetryDoc>
\r
115 <HttpKeepDoc>httpkeep.html</HttpKeepDoc>
\r
117 <!-- CGI programs -->
\r
118 <AuthCgi>opengateauth.cgi</AuthCgi>
\r
119 <FwdCgi>opengatefwd.cgi</FwdCgi>
\r
120 <MainCgi>opengatesrv.cgi</MainCgi>
\r
122 <!-- Java Script (in opengate dir) -->
\r
123 <HttpKeepJS>httpkeep.js</HttpKeepJS>
\r
125 <!-- URL used to retry -->
\r
126 <ExternalUrl>http://www.google.com/</ExternalUrl>
\r
128 <!-- Url to start browsing after authentication -->
\r
129 <!-- If type=0, use AcceptDoc2. If type=1, use the URL below. -->
\r
132 <Url>http://www.yahoo.com/</Url>
\r
135 <!-- Related command path -->
\r
136 <ArpPath>/usr/sbin/arp</ArpPath>
\r
137 <NdpPath>/usr/sbin/ndp</NdpPath>
\r
138 <IpfwPath>/sbin/ipfw</IpfwPath>
\r
139 <Ip6fwPath>/sbin/ip6fw</Ip6fwPath>
\r
140 <PsPath>/bin/ps</PsPath>
\r
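142 <!-- Ipfw is opened via perl script(1) or direct from C(0). NOTE(review): the script named in Path below changes firewall rules, so confirm it is owned by root and not writable by other accounts. -->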
\r
145 <Path>/etc/opengate/ipfwctrl.pl</Path>
\r
148 <!-- Ip6fw is opened via perl script(1) or direct from C(0) -->
\r
151 <Path>/etc/opengate/ipfwctrl.pl</Path>
\r
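154 <!-- Lock file for exclusive exec to prevent overlapped rule numbers. NOTE(review): /tmp is world-writable, so another local account could pre-create this path; a directory writable only by the account that runs opengate is safer. -->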
\r
155 <LockFile>/tmp/opengate.lock</LockFile>
\r
157 <!-- Separate char between userID and extraID [userID@extraID] -->
\r
158 <UserIdSeparator>@</UserIdSeparator>
\r
160 <!-- ##########################################################
\r
161 # #### ExtraSet overwritten on default settings ####
\r
163 # If you want to switch parameter values
\r
164 # by userID and extraID entered as [userID@extraID],
\r
167 # If entered as [userID], above default parameters are used.
\r
168 # If entered as [userID@extraID] and a matching set exists,
\r
169 # the parameters in that set override the above defaults.
\r
170 # The first matched extra set is used.
\r
173 # First ExtraSet is used when user entered as [anyuser@guest],
\r
174 # where "anyuser" stands for any userID.
\r
175 # Second ExtraSet is used when [anyuser@admin].
\r
176 # Third ExtraSet is used when [user1] or [user2].
\r
178 # UserIdPattern is the "POSIX Extended Regular Expression".
\r
179 # Matching is insensitive to upper/lower case.
\r
181 # The extraID is set to the word "default" when no extraID is entered.
\r
182 # #######################################################
\r
186 # <ExtraSet ExtraId="guest">
\r
188 # <Address>192.168.0.1</Address>
\r
189 # <Protocol>pop3s</Protocol>
\r
192 # <Default>1200</Default>
\r
198 # <ExtraSet ExtraId="admin">
\r
200 # <Protocol>pam</Protocol>
\r
205 # <ExtraSet ExtraId="default" UserIdPattern="^user1$|^user2$">
\r
207 # <Enable>1</Enable>
\r
208 # <Facility>local2</Facility>
\r
216 <!-- ###################################################
\r
217 # ######Documentation about AuthServer setting ######
\r
219 # ########### Format #############
\r
220 # where {a|b}: a or b , [ x ]: x is optional, -x-: x is value
\r
222 # #### TYPE 1 (POP or FTP) ####
\r
224 # <Protocol>{pop3|pop3s|ftp|ftpse|ftpsi}</Protocol>
\r
225 # <Address>{-hostname-|-ip_address-}</Address>
\r
226 # [ <Port>-portno-</Port> ]
\r
228 # # AuthOK, if request by <Protocol> is accepted by <Address>.
\r
229 # # Address is FQDN or IP address
\r
230 # # If <Port> is not defined, port number in /etc/services is used.
\r
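231 # # pop3s is SSLed pop3. Plain pop3 and ftp carry the user's password to <Address> unencrypted, so prefer pop3s, ftpse or ftpsi.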
\r
232 # # ftpse is SSLed ftp run in Explicit mode.
\r
233 # # ftpsi is SSLed ftp run in Implicit mode.
\r
235 # #### TYPE 2 (PAM) ####
\r
237 # <Protocol>pam</Protocol>
\r
238 # [ <ServiceName>-servicename_in_pam_conf-</ServiceName> ]
\r
241 # # If <ServiceName> is not defined, "opengate" is used in "pam.conf".
\r
243 # #### TYPE 3 (RADIUS) ####
\r
245 # <Protocol>radius</Protocol>
\r
246 # [ <ConfFile>-path_to_radius_conf-</ConfFile> ]
\r
249 # # If <ConfFile> is not defined, "/etc/radius.conf" is used.
\r
251 # #### TYPE 4 (ACCEPT or DENY) ####
\r
253 # <Protocol>{accept|deny}</Protocol>
\r
255 # # The user is accepted or denied without inquiry.
\r
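256 # # This setting is intended for debugging only: with "accept", every user is let through without any credential check, so it should not remain in a production configuration.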
\r
258 # ############# Examples ##############
\r
260 # <Address>pop.saga-u.ac.jp</Address>
\r
261 # <Protocol>pop3s</Protocol>
\r
262 # <Port>10000</Port>
\r
266 # <Address>192.168.0.1</Address>
\r
267 # <Protocol>ftpsi</Protocol>
\r
271 # <Protocol>radius</Protocol>
\r
275 # <Protocol>pam</Protocol>
\r
277 # ######################################
\r