PingID SSH configuration file parameters

Page created: 3 Jun 2020 |

Page updated: 29 Nov 2020

| 1 min read

PingId Product

You can configure the behavior of the PingID SSH agent by modifying the configuration file.

The PingID SSH configuration file, pingid.conf, is usually located under /usr/etc/pingid.

The following table describes the configuration parameters and their valid and default values.

PingID SSH Configuration File Parameters
Parameter	Description	Valid Values	Default Values
verbose	Toggle extended logging.	true, false	false
log_file	Define a file name and path for the pingid log file.	Full path of the log file.	None. Messages are written to the system log.
policy_user_not_registered	Set the policy for users that are not registered.	register: Start the registration (onboarding) process for the user. allow: Allow access without registration. fail: Deny access. grace_fail: Allow access as long as the organization grace period has not passed. After that, deny access.	register
domain_postfix	The suffix to be appended to the user in cases where it should be registered with the full domain name.	The domain suffix. For example, @example.com.	None
max_prompts	The maximum number of prompts the user can receive during the initial registration process.	Any integer from 1 - 10.	8
fail_mode	How to behave if the connection to the PingID service cannot be established.	restrictive: deny access permissive: allow access	restrictive
proxy	The URL of the http_proxy or the https_proxy.		None
proxy_verify_cert (1)(2)	See (2) below	true, false	false
proxy_ca_file (1)	Path to CA file	Path to CA file	Empty

Notes to `proxy` items

These configuration options take effect only when the proxy option is set.
If proxy_verify_cert is
- true then the SSH agent uses the default value for curl option: CURLOPT_SSL_VERIFYPEER
- false then the SSH agent uses 0 value for curl option: CURLOPT_SSL_VERIFYPEER