The PingID SSH configuration file, pingid.conf, is usually located under /usr/etc/pingid.

The following table describes the configuration parameters and their valid and default values.

PingID SSH Configuration File Parameters
Parameter Description Valid Values Default Values

Toggle extended logging.

true, false false

Define a file name and path for the pingid log file.

Full path of the log file.

None. Messages are written to the system log.


Set the policy for users that are not registered.

  • register: Start the registration (onboarding) process for the user.
  • allow: Allow access without registration.
  • fail: Deny access.
  • grace_fail: Allow access as long as the organization grace period has not passed. After that, deny access.

The suffix to be appended to the user in cases where it should be registered with the full domain name.

The domain suffix. For example,



The maximum number of prompts the user can receive during the initial registration process.

Any integer from 1 - 10.


How to behave if the connection to the PingID service cannot be established.

  • restrictive: only online authentication is permitted. If the PingID server cannot be reached, authentication cannot be carried out.
  • passive_offline_authentication: offline authentication is permitted as a backup method if communication cannot be established with the PingID server
  • enforce_offline_authentication: only offline authentication is used
  • permissive: If the PingID server cannot be reached, bypass authentication.

The URL of the http_proxy or the https_proxy.


proxy_verify_cert (1)(2)

See (2) below

true, false false
proxy_ca_file (1)

Path to CA file

Path to CA file


Notes to proxy items

  1. These configuration options take effect only when the proxy option is set.
  2. If proxy_verify_cert is
    • true then the SSH agent uses the default value for curl option: CURLOPT_SSL_VERIFYPEER
    • false then the SSH agent uses 0 value for curl option: CURLOPT_SSL_VERIFYPEER