# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- # This variable is used to accept the domain name the user intends to configure # Eg: ipa.test domain_name: "omnia.test" # A Kerberos realm is the domain over which a Kerberos authentication server has # the authority to authenticate a user, host or service. # A realm name is often, but not always the upper case version of the name of the # DNS domain over which it presides realm_name: "OMNIA.TEST" # Maximum number of consecutive failures before lockout # The default value of this variable can't be changed # Default value: 3 max_failures: 3 # Period (in seconds) after which the number of failed login attempts is reset # Default value: 60 # Min: 30 # Max: 60 failure_reset_interval: 60 # Period (in seconds) for which users are locked out # Default value: 10 # Min: 5 # Max: 10 lockout_duration: 10 # User sessions that have been idle for a specific period can be ended automatically # This variable sets session timeout to 3 minutes (180 seconds) by default # Min: 90 # Max: 180 session_timeout: 180 # Email address used for sending alerts in case of authentication failure # If this variable is left blank, authentication failure alerts will be disabled. # Currently, only one email ID is accepted in this field alert_email_address: "" # This variable mentions the users to whom the access will be provided # format of user shall be username@ip or username # Ex1- root@1.2.3.4 Ex2- root Ex3- root@1.2.3.4 root (if multiple user, provide space seperated values) by default empty user: '' # This variable provides the type of access # Accepted values: "Allow" or "Deny" # Default value: "Allow" allow_deny: "Allow" # This variable is used to disable services. # Accepted values: "true" or "false". # Default value: false # Root access is needed. restrict_program_support: false # The below mentioned services can be disabled, by adding values in comma separated values format for restrict_softwares variable # Services: telnet,lpd,bluetooth,rlogin,rexec # Ex: restrict_softwares: 'telnet,rlogin,bluetooth' ( This disables 3 services, to disable more services, add services with comma separation. ) restrict_softwares: ''