2 <Opengate ConfigVersion="1.4.9">
4 <!-- #################################################
5 # ####### YOU NEED TO MODIFY THE FOLLOWING PARAMETERS ##### -->
7 <!-- Hostname of the opengate gateway server (FQDN or IP address) -->
9 <OpengateServerName>opengate.og.saga-u.ac.jp</OpengateServerName>
11 <!-- Authentication server: the address and protocol that authentication requests are sent to -->
12 <!-- The AuthServer format is documented at the end of this file.
     NOTE(review): pop3s is described there as SSLed pop3; the plain pop3 and ftp
     choices are not, so prefer an SSL variant unless the path to the
     authentication server is otherwise protected. -->
15 <Address>192.168.0.2</Address>
16 <Protocol>pop3s</Protocol>
19 <!-- ##########################################################
20 # #### usually there is no need to modify the following parameters #### -->
22 <!-- ###################################################
23 # If you want to switch parameters by userID or extraID
24 # (entered by the user as [userID@extraID] on the auth page),
25 # see the information on ExtraSet at the end of this file.
26 # ################################################### -->
28 <!-- Set 0 to write only open/close and error messages to syslog -->
29 <!-- Set 1 to write some information in addition to level 0 -->
30 <!-- Set 2 to write a large amount of information to syslog.
     Level 0 still records open/close events, which are the record of network use. -->
33 <!-- Default client usage watch mode ('Java', 'Http', or 'Time') -->
34 <WatchMode>Http</WatchMode>
36 <!-- Syslog facility (local0, local1, .., local7) -->
39 <Facility>local1</Facility>
42 <!-- Allowable duration for users to use the network (seconds) -->
43 <!-- If there is no java/http connection, the network is closed after this. -->
45 <Default>1200</Default>
49 <!-- Client live check (seconds) -->
50 <!-- With a JAVA connection: send HELLO and wait for the reply. -->
51 <!-- With an HTTP connection: check for the existence of a HELLO request. -->
52 <!-- With no connection: check for a MAC address mismatch and for no packets. -->
54 <Interval>600</Interval>
55 <NoPacketInterval>5400</NoPacketInterval>
58 <!-- Watch the client using HTTP Keep-Alive -->
60 <!-- Pattern for HTTP_USER_AGENT values that ignore http watch mode -->
61 <!-- Written as a "POSIX Extended Regular Expression"; ^$ matches only an empty value.
     NOTE(review): HTTP_USER_AGENT is supplied by the client and is not an
     identity check, so keep this pattern as narrow as possible. -->
62 <SkipAgentPattern>^$</SkipAgentPattern>
65 <!-- Watch the client using a Java applet -->
67 <!-- Pattern for HTTP_USER_AGENT values that ignore java watch mode -->
68 <!-- Written as a "POSIX Extended Regular Expression"; ^$ matches only an empty value -->
69 <SkipAgentPattern>^$</SkipAgentPattern>
72 <!-- IPFW rule number range used by opengate -->
76 <Interval>2</Interval>
79 <!-- IP6FW rule number range used by opengate -->
83 <Interval>2</Interval>
86 <!-- Port number range used by opengate -->
92 <!-- Communication reply timeout (seconds) -->
93 <CommWaitTimeout>10</CommWaitTimeout>
95 <!-- HTTP reconnect timeout (seconds) -->
96 <ReconnectTimeout>10</ReconnectTimeout>
98 <!-- Timeout for the exclusive-execution lock around ipfw (seconds) -->
99 <LockTimeout>10</LockTimeout>
101 <!-- Maximum delay from fwd.cgi to auth.cgi (seconds) -->
102 <ForwardingDelay>300</ForwardingDelay>
105 <!-- Available HTML languages (the first one is used as the default) -->
106 <HtmlLangs>en ja</HtmlLangs>
108 <!-- Paths to the Apache content -->
109 <DocumentRoot>/usr/local/www/data</DocumentRoot>
110 <CgiDir>/cgi-bin</CgiDir>
111 <OpengateDir>/opengate</OpengateDir>
113 <!-- HTML documents (one copy in each language directory).
     NOTE(review): the names ending in -ssl are presumably the variants served
     over SSL; confirm which page users are sent to when they enter credentials. -->
114 <DenyDoc>deny.html</DenyDoc>
115 <DenyDocSsl>deny-ssl.html</DenyDocSsl>
116 <AcceptDocHttp>accept-http.html</AcceptDocHttp>
117 <AcceptDocJava>accept-java.html</AcceptDocJava>
118 <AcceptDocTime>accept-time.html</AcceptDocTime>
119 <AcceptDoc2>accept2.html</AcceptDoc2>
120 <AuthDoc>index.html</AuthDoc>
121 <AuthDocSsl>index-ssl.html</AuthDocSsl>
122 <FwdDoc>topindex.html</FwdDoc>
123 <RetryDoc>retry.html</RetryDoc>
124 <HttpKeepDoc>httpkeep.html</HttpKeepDoc>
126 <!-- CGI programs -->
127 <AuthCgi>opengateauth.cgi</AuthCgi>
128 <FwdCgi>opengatefwd.cgi</FwdCgi>
129 <MainCgi>opengatesrv.cgi</MainCgi>
131 <!-- JavaScript files (in the opengate directory) -->
132 <HttpKeepJS>httpkeep.js</HttpKeepJS>
133 <Md5JS>md5.js</Md5JS>
135 <!-- URL used to retry -->
136 <ExternalUrl>http://www.google.com/</ExternalUrl>
138 <!-- URL at which browsing starts after authentication -->
139 <!-- If type=0, AcceptDoc2 is used; if type=1, the URL below is used -->
142 <Url>http://www.yahoo.com/</Url>
145 <!-- Paths of related commands.
     NOTE(review): these are presumably executed by the gateway; keep the paths
     absolute and the files writable only by root. -->
146 <ArpPath>/usr/sbin/arp</ArpPath>
147 <NdpPath>/usr/sbin/ndp</NdpPath>
148 <IpfwPath>/sbin/ipfw</IpfwPath>
149 <Ip6fwPath>/sbin/ip6fw</Ip6fwPath>
150 <PsPath>/bin/ps</PsPath>
152 <!-- Ipfw is opened via a perl script (1) or directly from C (0) -->
155 <Path>/etc/opengate/ipfwctrl.pl</Path>
158 <!-- Ip6fw is opened via a perl script (1) or directly from C (0); the path below is the same script as for ipfw -->
161 <Path>/etc/opengate/ipfwctrl.pl</Path>
164 <!-- Lock file for exclusive execution, to prevent overlapping rule numbers.
     NOTE(review): /tmp is writable by every local user; a directory writable
     only by the gateway's account keeps other users from creating or
     replacing this file. -->
165 <LockFile>/tmp/opengate.lock</LockFile>
167 <!-- Separator character between userID and extraID [userID@extraID] -->
168 <UserIdSeparator>@</UserIdSeparator>
170 <!-- ##########################################################
171 # #### ExtraSet overwritten on default settings ####
173 # If you want to switch parameter values
174 # by userID and extraID entered as [userID@extraID],
177 # If entered as [userID], above default parameters are used.
178 # If entered as [userID@extraID] and a matching set exists,
179 # the parameters in that set overwrite the defaults above.
180 # The first matched extra set is used.
183 # First ExtraSet is used when user entered as [anyuser@guest],
184 # where "anyuser" stands for any userID.
185 # Second ExtraSet is used when [anyuser@admin].
186 # Third ExtraSet is used when [user1] or [user2].
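188 # UserIdPattern is a "POSIX Extended Regular Expression".
189 # Matching is insensitive to upper/lower case. Anchor the pattern with ^ and $
# as in the example below; an unanchored pattern would presumably also match
# longer userIDs that merely contain the text.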
191 # The word "default" is used as the extraID when no extraID is entered.
192 # #######################################################
196 # <ExtraSet ExtraId="guest">
198 # <Address>192.168.0.1</Address>
199 # <Protocol>pop3s</Protocol>
202 # <Default>1200</Default>
208 # <ExtraSet ExtraId="admin">
210 # <Protocol>pam</Protocol>
215 # <ExtraSet ExtraId="default" UserIdPattern="^user1$|^user2$">
218 # <Facility>local2</Facility>
226 <!-- ###################################################
227 # ######Documentation about AuthServer setting ######
229 # ########### Format #############
230 # where {a|b}: a or b, [ x ]: x is optional, -x-: x stands for a value
232 # #### TYPE 1 (POP or FTP) ####
234 # <Protocol>{pop3|pop3s|ftp|ftpse|ftpsi}</Protocol>
235 # <Address>{-hostname-|-ip_address-}</Address>
236 # [ <Port>-portno-</Port> ]
238 # # Authentication succeeds if the request made with <Protocol> is accepted by <Address>.
239 # # Address is FQDN or IP address
240 # # If <Port> is not defined, port number in /etc/services is used.
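241 # # pop3s is pop3 over SSL.
242 # # ftpse is ftp over SSL, run in Explicit mode.
243 # # ftpsi is ftp over SSL, run in Implicit mode.
# # Plain pop3 and ftp are not SSL-protected; prefer one of the SSL variants
# # unless the path to the authentication server is otherwise protected.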
245 # #### TYPE 2 (PAM) ####
247 # <Protocol>pam</Protocol>
248 # [ <ServiceName>-servicename_in_pam_conf-</ServiceName> ]
251 # # If <ServiceName> is not defined, "opengate" is used as the service name in "pam.conf".
253 # #### TYPE 3 (RADIUS) ####
255 # <Protocol>radius</Protocol>
256 # [ <ConfFile>-path_to_radius_conf-</ConfFile> ]
259 # # If <ConfFile> is not defined, "/etc/radius.conf" is used.
261 # #### TYPE 4 (ACCEPT or DENY) ####
263 # <Protocol>{accept|deny}</Protocol>
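265 # # The user is accepted or denied without any inquiry to an authentication server.
266 # # This setting is provided for debugging only: with "accept", every user is let
# # through without a credential check, so do not leave it set on a gateway in service.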
268 # ############# Examples ##############
270 # <Address>pop.saga-u.ac.jp</Address>
271 # <Protocol>pop3s</Protocol>
276 # <Address>192.168.0.1</Address>
277 # <Protocol>ftpsi</Protocol>
281 # <Protocol>radius</Protocol>
285 # <Protocol>pam</Protocol>
287 # ######################################