# Parameters in `security_vars.yml` and `omnia_security_config.yml` Configure the below parameters to set up security on the Control Plane (`/control_plane/input_params/security_vars.yml`) and Login Node (`omnia_security_config.yml`) | Variables [Required/ Optional] | **Default**, Accepted values | Description | |--------------------------------------------------------------------------------------|-------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | domain_name | **omnia.test** | The domain name should not contain an underscore ( _ ) | | realm_name | **OMNIA.TEST** | The realm name should follow the following rules per https://www.freeipa.org/page/Deployment_Recommendations
* The realm name must not conflict with any other existing Kerberos realm name (e.g. name used by Active Directory).
* The realm name should be upper-case (EXAMPLE.COM) version of primary DNS domain name (example.com). | | max_failures | **3** | Failures allowed before lockout.
This value cannot currently be changed. | | failure_reset_interval | **60** | Period (in seconds) after which the number of failed login attempts is reset
Accepted Values: 30-60 | | lockout_duration | **10** | Period (in seconds) for which users are locked out.
Accepted Values: 5-10 | | session_timeout | **180** | Period (in seconds) after which idle users get logged out automatically
Accepted Values: 30-90 | | alert_email_address | | Email address used for sending alerts in case of authentication failure. Currently, only one email address is supported in this field.
If this variable is left blank, authentication failure alerts will be disabled. | | user | | Array of users that are allowed or denied based on the `allow_deny` value. Multiple users must be separated by a space. Accepted user value formats are: root root@xx.xx.xx.xx.
__Note:__ If IPs are to be specified in the user value, ensure that every IP associated with the host (often 2 or more) in question is listed in the user list.
__Eg:__ For a host with IPs xx.xx.xx.xx and yy.yy.yy.yy where root is to be restricted, the user array will contain root@xx.xx.xx.xx root@yy.yy.yy.yy | | allow_deny | **Allow** | This variable sets whether the user list is Allowed or Denied.
Accepted Values: Allow, Deny | | restrict_program_support | **false** | This variable sets whether the network services/protocols listed in `restrict_softwares` are to be blocked. | | restrict_softwares | | Array of services/protocols to be blocked by Omnia. Values are to be separated by commas.
Accepted values: telnet,lpd,bluetooth,rlogin,rexec
Non Accepted values: ftp,smbd,nmbd,automount,portmap | >> __Note:__ The same parameters are also available in `omnia_security_config.yml` to configure security for the Login Node.