The PingID SSH configuration file, pingid.conf, is usually located under /usr/etc/pingid.

The following table describes the configuration parameters and their valid and default values.

PingID SSH Configuration File Parameters
Parameter Description Valid Values Default Values
verbose

Toggle extended logging.

true, false false
log_file

Define a file name and path for the pingid log file.

Full path of the log file.

None. Messages are written to the system log.

policy_user_not_registered

Set the policy for users that are not registered.

  • register: Start the registration (onboarding) process for the user.
  • allow: Allow access without registration.
  • fail: Deny access.
  • grace_fail: Allow access as long as the organization grace period has not passed. After that, deny access.
register
domain_postfix

The suffix to be appended to the user in cases where it should be registered with the full domain name.

The domain suffix. For example, @example.com.

None

max_prompts

The maximum number of prompts the user can receive during the initial registration process.

Any integer from 1 - 10.

8
fail_mode

How to behave if the connection to the PingID service cannot be established.

  • restrictive: only online authentication is permitted. If the PingID server cannot be reached, authentication cannot be carried out.
  • passive_offline_authentication: offline authentication is permitted as a backup method if communication cannot be established with the PingID server
  • enforce_offline_authentication: only offline authentication is used
  • permissive: If the PingID server cannot be reached, bypass authentication.
restrictive
proxy

The URL of the http_proxy or the https_proxy.

None

proxy_verify_cert (1)(2)

See (2) below

true, false false
proxy_ca_file (1)

Path to CA file

Path to CA file

Empty

Notes to proxy items

  1. These configuration options take effect only when the proxy option is set.
  2. If proxy_verify_cert is
    • true then the SSH agent uses the default value for curl option: CURLOPT_SSL_VERIFYPEER
    • false then the SSH agent uses 0 value for curl option: CURLOPT_SSL_VERIFYPEER