PingID Administration Guide

PingID SSH configuration file parameters

You can configure the behavior of the PingID SSH agent by modifying the configuration file.

The PingID SSH configuration file, pingid.conf, is usually located under /usr/etc/pingid.

The following table describes the configuration parameters and their valid and default values.

PingID SSH Configuration File Parameters
Parameter Description Valid Values Default Values

verbose

Toggle extended logging.

true, false

false

log_file

Define a file name and path for the pingid log file.

Full path of the log file.

None. Messages are written to the system log.

policy_user_not_registered

Set the policy for users that are not registered.

  • register: Start the registration (onboarding) process for the user.

  • allow: Allow access without registration.

  • fail: Deny access.

  • grace_fail: Allow access as long as the organization grace period has not passed. After that, deny access.

register

domain_postfix

The suffix to append to the user name when the user should be registered with the full domain name.

The domain suffix. For example, @example.com.

None

max_prompts

The maximum number of prompts the user can receive during the initial registration process.

Any integer from 1 to 10.

8

fail_mode

How to behave if the connection to the PingID service cannot be established.

  • restrictive: Only online authentication is permitted. If the PingID server cannot be reached, authentication cannot be carried out.

  • passive_offline_authentication: Offline authentication is permitted as a backup method if communication cannot be established with the PingID server.

  • enforce_offline_authentication: Only offline authentication is used.

  • permissive: If the PingID server cannot be reached, bypass authentication.

restrictive

proxy

The URL of the http_proxy or the https_proxy.

None

proxy_verify_cert

  • If set to true, the SSH agent uses the default value for the curl option CURLOPT_SSL_VERIFYPEER.

  • If set to false, the SSH agent sets the curl option CURLOPT_SSL_VERIFYPEER to 0.

Relevant only when the proxy option is set.

true, false

false

proxy_ca_file

Path to CA file

Relevant only when the proxy option is set.

Path to CA file

Empty

proxy_user_pwd

If your proxy server requires you to provide a username and password for authentication, use proxy_user_pwd to specify that information.

Relevant only when the proxy option is set.

Provide the username and password with a colon in between, for example, proxy_user_pwd=myUserName:myPassword.

If the username or password includes a colon, replace the colon in the username or password with %3A.

If you specified a value for proxy but do not provide a value for proxy_user_pwd, it is assumed the proxy server does not require a username and password.
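
The following audit script is an added example, not part of the PingID documentation or product. It checks a pingid.conf against the valid values and defaults in the table above and flags settings that weaken authentication, including the case where proxy is set but proxy_verify_cert is left at its default of false. The function names are hypothetical, the key=value syntax follows the proxy_user_pwd example above, and treating lines that start with # as comments is an assumption.

```python
# Added example: audit pingid.conf text against the parameter table.
# Assumption: key=value lines; '#' comment lines are an assumed convention.
DEFAULTS = {"policy_user_not_registered": "register", "max_prompts": "8",
            "fail_mode": "restrictive", "proxy_verify_cert": "false"}
VALID = {
    "verbose": {"true", "false"},
    "policy_user_not_registered": {"register", "allow", "fail", "grace_fail"},
    "fail_mode": {"restrictive", "passive_offline_authentication",
                  "enforce_offline_authentication", "permissive"},
    "proxy_verify_cert": {"true", "false"},
}

def parse_conf(text):
    """Return the parameters explicitly set in the file text."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings for invalid or authentication-weakening settings."""
    conf = parse_conf(text)
    eff = {**DEFAULTS, **conf}  # effective values: defaults, then overrides
    findings = []
    for key, allowed in VALID.items():
        if key in conf and conf[key] not in allowed:
            findings.append(f"{key}: invalid value {conf[key]!r}")
    if not (eff["max_prompts"].isdigit() and 1 <= int(eff["max_prompts"]) <= 10):
        findings.append("max_prompts: must be an integer from 1 to 10")
    if eff["fail_mode"] == "permissive":
        findings.append("fail_mode: authentication bypassed if PingID is unreachable")
    if eff["policy_user_not_registered"] == "allow":
        findings.append("policy_user_not_registered: unregistered users get access")
    if conf.get("proxy"):
        if eff["proxy_verify_cert"] == "false":
            findings.append("proxy_verify_cert: CURLOPT_SSL_VERIFYPEER is set to 0")
        if "proxy_user_pwd" in conf:
            findings.append("proxy_user_pwd: credentials in file, restrict read access")
    return findings

SAMPLE = ("verbose=true\nfail_mode=permissive\nmax_prompts=12\n"
          "proxy=http://proxy.example.com:3128\n"
          "proxy_user_pwd=myUserName:myPassword\n")  # constructed sample

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
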