CONFIG AUTH SHOW

Level

base

History

guest authentication appears in 1.0.0
realbind disappears in 3.0.0
timeout, btimeout, retry, bretry and VSAusergroup appear in 4.3.0
methods parameter appears in 4.5.0

Description

Show authentication configuration.

Usage

[methods=<methods>]: Filter the returned sections, available sections are: config, caverifylist, cipher, radius, ssl, kerberos, spnego, guest, sponsor, voucher, totp, tsagent

Returns

[config]
anonymised : show/hide the logo in the authentication page
SslCertificate : refer key/certificate entry on 'key' file
internal : internal interface configuration
external : external interface configuration

[CAVerifyList]
Number=0

[radius]
state : status of this method
host : radius server hostname
port : radius port
pencoding : radius server charset encoding
bhost : radius backup server hostname
bport : radius backup port
bencoding : radius backup server charset encoding
presharedkey : key used for encrypting exchanges between the firewall and the RADIUS server
bpresharedkey : key used for encrypting exchanges between the firewall and the Backup RADIUS server
timeout : timeout in milliseconds when authenticating on the RADIUS server
btimeout : timeout in milliseconds when authenticating on the backup RADIUS server
retry: number of retries when authenticating on the RADIUS server
bretry: number of retries when authenticating on the backup RADIUS server
VSAusergroup: 1 if user group VSA support if enabled, 0 otherwise

[ssl]
state : status of this method
CertificateIdentifier : field in certificate to match
LdapIdentifier : field in LDAP to match

[kerberos]
state : status of this method
domain : Kerberos realm (domain) name
pkdc_host : Primary KDC host address
pkdc_port : Primary KDC port (default 88)
bkdc_host : Backup KDC host address
bkdc_port : Backup KDC port (default 88)

[spnego]
state : status of this method
domain : Windows domain name
principal : Principal service name

[agent]
State : activate or not the agent
Mscontroler : object name of the Microsoft domain controller
MsbackupControler : object name of the second Microsoft domain controller
Directory : name of the LDAP directory to use
MaxLogonTime : maximum time in seconds for the authentication
Probe : activate or not the user logout probing
ProbeMethod : comma separated list of probing methods (arp, icmp, nbstat, registery, ...)
ProbeTimeout : maximum time in seconds for not responding stations
BindAddr : the IP address of the source connection
AgentAddr : the IP address of the agent
AgentPort : the port of the agent
AgentPassword : the password of the agent
BackupAddr : the IP address of the backup agent
BackupPort : the port of the backup agent
BackupPassword : the password of the backup agent
DomainName : the filter to be applied on logon events

[guest]
state : activate or not the guest method
LogonTime : Time in seconds for re-authentication
Disclaimertime : Time in seconds for disclaimer revalidation

[totp]
State=0
Digits=8
Period=30
MaxOffset=3
Algorithm=SHA1
AuthSslVpn=1
AuthCaptive=1
AuthWebadmin=1
AuthConsole=1
AuthIpsec=1