# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
---

# This variable is used to accept the domain name the user intends to configure
# Eg: ipa.test
domain_name: "omnia.test"

# A Kerberos realm is the domain over which a Kerberos authentication server has
# the authority to authenticate a user, host or service.
# A realm name is often, but not always the upper case version of the name of the
# DNS domain over which it presides
realm_name: "OMNIA.TEST"

# Maximum number of consecutive failures before lockout
# The default value of this variable can't be changed
# Default value: 3
max_failures: 3

# Period (in seconds) after which the number of failed login attempts is reset
# Default value: 60
# Min: 30
# Max: 60
failure_reset_interval: 60

# Period (in seconds) for which users are locked out 
# Default value: 10
# Min: 5
# Max: 10
lockout_duration: 10

# User sessions that have been idle for a specific period can be ended automatically
# This variable sets session timeout to 3 minutes (180 seconds) by default
# Min: 90
# Max: 180
session_timeout: 180

# Email address used for sending alerts in case of authentication failure
# If this variable is left blank, authentication failure alerts will be disabled.
# Currently, only one email ID is accepted in this field
alert_email_address: ""

# This variable mentions the users to whom the access will be provided
# format of user shall be username@ip or username 
# Ex1- root@1.2.3.4 Ex2- root Ex3- root@1.2.3.4 root (if multiple user, provide space seperated values) by default empty
user: ''

# This variable provides the type of access
# Accepted values: "Allow" or "Deny"
# Default value: "Allow"
allow_deny: "Allow"

# This variable is used to disable services.
# Accepted values: "true" or "false". 
# Default value: false  
# Root access is needed.
restrict_program_support: false

# The below mentioned services can be disabled, by adding values in comma separated values format for restrict_softwares variable
# Services: telnet,lpd,bluetooth,rlogin,rexec
# Ex: restrict_softwares: 'telnet,rlogin,bluetooth' ( This disables 3 services, to disable more services, add services with comma separation. )
restrict_softwares: ''