
SSP

a guest
Sep 13th, 2017
  1. [root@awsvirprolapp01 httpd]# cat /usr/share/self-service-password/conf/config.inc.php
  2. <?php
  3. #==============================================================================
  4. # LTB Self Service Password
  5. #
  6. # Copyright (C) 2009 Clement OUDOT
  7. # Copyright (C) 2009 LTB-project.org
  8. #
  9. # This program is free software; you can redistribute it and/or
  10. # modify it under the terms of the GNU General Public License
  11. # as published by the Free Software Foundation; either version 2
  12. # of the License, or (at your option) any later version.
  13. #
  14. # This program is distributed in the hope that it will be useful,
  15. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. # GNU General Public License for more details.
  18. #
  19. # GPL License: http://www.gnu.org/licenses/gpl.txt
  20. #
  21. #==============================================================================
  22.  
  23. #==============================================================================
  24. # Configuration
  25. #==============================================================================
  26.  
  27. # Debug mode
  28. # true: log and display any errors or warnings (use this in configuration/testing)
  29. # false: log only errors and do not display them (use this in production)
  30. $debug = true;
  31.  
  32. # LDAP
  33. $ldap_url = "ldap://ldap.xxxxxxx.com";
  34. $ldap_starttls = true;
  35. $ldap_binddn = "uid=user,ou=Users,ou=Brazil,dc=xxxxxxx,dc=com";
  36. $ldap_bindpw = "password";
  37. $ldap_base = "dc=xxxxxxx,dc=com";
  38. $ldap_login_attribute = "uid";
  39. $ldap_fullname_attribute = "cn";
  40. $ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
  41.  
  42. # Active Directory mode
  43. # true: use unicodePwd as password field
  44. # false: LDAPv3 standard behavior
  45. $ad_mode = false;
  46. # Force account unlock when password is changed
  47. $ad_options['force_unlock'] = false;
  48. # Force user change password at next login
  49. $ad_options['force_pwd_change'] = false;
  50. # Allow user with expired password to change password
  51. $ad_options['change_expired_password'] = false;
  52.  
  53. # Samba mode
  54. # true: update sambaNTpassword and sambaPwdLastSet attributes too
  55. # false: just update the password
  56. $samba_mode = false;
  57. # Set password min/max age in Samba attributes
  58. #$samba_options['min_age'] = 5;
  59. #$samba_options['max_age'] = 45;
  60.  
  61. # Shadow options - require shadowAccount objectClass
  62. # Update shadowLastChange
  63. $shadow_options['update_shadowLastChange'] = false;
  64. $shadow_options['update_shadowExpire'] = false;
  65.  
  66. # Default to -1, never expire
  67. $shadow_options['shadow_expire_days'] = -1;
  68.  
  69. # Hash mechanism for password:
  70. # SSHA, SSHA256, SSHA384, SSHA512
  71. # SHA, SHA256, SHA384, SHA512
  72. # SMD5
  73. # MD5
  74. # CRYPT
  75. # clear (the default)
  76. # auto (will check the hash of current password)
  77. # This option is not used with ad_mode = true
  78. $hash = "MD5Crypt";
  79.  
  80. # Prefix to use for salt with CRYPT
  81. $hash_options['crypt_salt_prefix'] = "$6$";
  82. $hash_options['crypt_salt_length'] = "6";
  83.  
  84. # Local password policy
  85. # This is applied before directory password policy
  86. # Minimal length
  87. $pwd_min_length = 0;
  88. # Maximal length
  89. $pwd_max_length = 0;
  90. # Minimal lower characters
  91. $pwd_min_lower = 0;
  92. # Minimal upper characters
  93. $pwd_min_upper = 0;
  94. # Minimal digit characters
  95. $pwd_min_digit = 0;
  96. # Minimal special characters
  97. $pwd_min_special = 0;
  98. # Definition of special characters
  99. $pwd_special_chars = "^a-zA-Z0-9";
  100. # Forbidden characters
  101. #$pwd_forbidden_chars = "@%";
  102. # Don't reuse the same password as currently
  103. $pwd_no_reuse = false;
  104. # Check that password is different than login
  105. $pwd_diff_login = true;
  106. # Complexity: number of different class of character required
  107. $pwd_complexity = 0;
  108. # Show policy constraints message:
  109. # always
  110. # never
  111. # onerror
  112. $pwd_show_policy = "never";
  113. # Position of password policy constraints message:
  114. # above - the form
  115. # below - the form
  116. $pwd_show_policy_pos = "above";
  117.  
  118. # Who changes the password?
  119. # Also applicable for question/answer save
  120. # user: the user itself
  121. # manager: the above binddn
  122. $who_change_password = "manager";
  123.  
  124. ## Standard change
  125. # Use standard change form?
  126. $use_change = true;
  127.  
  128. ## SSH Key Change
  129. # Allow changing of sshPublicKey?
  130. $change_sshkey = false;
  131.  
  132. # What attribute should be changed by the changesshkey action?
  133. $change_sshkey_attribute = "sshPublicKey";
  134.  
  135. # Who changes the sshPublicKey attribute?
  136. # Also applicable for question/answer save
  137. # user: the user itself
  138. # manager: the above binddn
  139. $who_change_sshkey = "user";
  140.  
  141. # Notify users anytime their sshPublicKey is changed
  142. ## Requires mail configuration below
  143. $notify_on_sshkey_change = false;
  144.  
  145. ## Questions/answers
  146. # Use questions/answers?
  147. # true (default)
  148. # false
  149. $use_questions = false;
  150.  
  151. # Answer attribute should be hidden to users!
  152. $answer_objectClass = "extensibleObject";
  153. $answer_attribute = "info";
  154.  
  155. # Extra questions (built-in questions are in lang/$lang.inc.php)
  156. #$messages['questions']['ice'] = "What is your favorite ice cream flavor?";
  157.  
  158. ## Token
  159. # Use tokens?
  160. # true (default)
  161. # false
  162. $use_tokens = true;
  163. # Crypt tokens?
  164. # true (default)
  165. # false
  166. $crypt_tokens = true;
  167. # Token lifetime in seconds
  168. $token_lifetime = "3600";
  169.  
  170. ## Mail
  171. # LDAP mail attribute
  172. $mail_attribute = "mail";
  173. # Get mail address directly from LDAP (only first mail entry)
  174. # and hide mail input field
  175. # default = false
  176. $mail_address_use_ldap = false;
  177. # Who the email should come from
  178. $mail_from = "support@xxxxxxx.com";
  179. $mail_from_name = "XXX Self Service Password System";
  180. $mail_signature = "";
  181. # Notify users anytime their password is changed
  182. $notify_on_change = true;
  183. # PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
  184. $mail_sendmailpath = '/usr/sbin/sendmail';
  185. $mail_protocol = 'smtp';
  186. $mail_smtp_debug = 0;
  187. $mail_debug_format = 'html';
  188. $mail_smtp_host = 'mail.xxxxxxxxxxxxx.com';
  189. $mail_smtp_auth = false;
  190. $mail_smtp_user = '';
  191. $mail_smtp_pass = '';
  192. $mail_smtp_port = 25;
  193. $mail_smtp_timeout = 30;
  194. $mail_smtp_keepalive = false;
  195. $mail_smtp_secure = 'tls';
  196. $mail_contenttype = 'text/plain';
  197. $mail_wordwrap = 0;
  198. $mail_charset = 'utf-8';
  199. $mail_priority = 3;
  200. $mail_newline = PHP_EOL;
  201.  
  202. ## SMS
  203. # Use sms
  204. $use_sms = false;
  205. # SMS method (mail, api)
  206. $sms_method = "mail";
  207. $sms_api_lib = "lib/smsapi.inc.php";
  208. # GSM number attribute
  209. $sms_attribute = "mobile";
  210. # Partially hide number
  211. $sms_partially_hide_number = true;
  212. # Send SMS mail to address
  213. $smsmailto = "{sms_attribute}@service.provider.com";
  214. # Subject when sending email to SMTP to SMS provider
  215. $smsmail_subject = "Provider code";
  216. # Message
  217. $sms_message = "{smsresetmessage} {smstoken}";
  218. # Remove non digit characters from GSM number
  219. $sms_sanitize_number = false;
  220. # Truncate GSM number
  221. $sms_truncate_number = false;
  222. $sms_truncate_number_length = 10;
  223. # SMS token length
  224. $sms_token_length = 6;
  225. # Max attempts allowed for SMS token
  226. $max_attempts = 3;
  227.  
  228. # Encryption, decryption keyphrase, required if $crypt_tokens = true
  229. # Please change it to anything long, random and complicated, you do not have to remember it
  230. # Changing it will also invalidate all previous tokens and SMS codes
  231. $keyphrase = "PQrTfekmLj1FhTj";
  232.  
  233. # Reset URL (if behind a reverse proxy)
  234. #$reset_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . "://" . $_SERVER['HTTP_X_FORWARDED_HOST'] . $_SERVER['SCRIPT_NAME'];
  235.  
  236. # Display help messages
  237. $show_help = true;
  238.  
  239. # Default language
  240. $lang = "en";
  241.  
  242. # List of authorized languages. If empty, all language are allowed.
  243. # If not empty and the user's browser language setting is not in that list, language from $lang will be used.
  244. $allowed_lang = array();
  245.  
  246. # Display menu on top
  247. $show_menu = false;
  248.  
  249. # Logo
  250. $logo = "images/XXX.gif";
  251.  
  252. # Background image
  253. #$background_image = "images/unsplash-space.jpeg";
  254.  
  255. # Where to log password resets - Make sure apache has write permission
  256. # By default, they are logged in Apache log
  257. $reset_request_log = "/var/log/self-service-password";
  258.  
  259. # Invalid characters in login
  260. # Set at least "*()&|" to prevent LDAP injection
  261. # If empty, only alphanumeric characters are accepted
  262. $login_forbidden_chars = "*()&|";
  263.  
  264. ## CAPTCHA
  265. # Use Google reCAPTCHA (http://www.google.com/recaptcha)
  266. $use_recaptcha = true;
  267. # Go on the site to get public and private key
  268. $recaptcha_publickey = "xxxxxxx-xxxxxx";
  269. $recaptcha_privatekey = "xxxxxxxXxxxxxx";
  270.  
  271. # Customization (see https://developers.google.com/recaptcha/docs/display)
  272. $recaptcha_theme = "light";
  273. $recaptcha_type = "image";
  274. $recaptcha_size = "normal";
  275. # reCAPTCHA request method, null for default, Fully Qualified Class Name to override
  276. # Useful when allow_url_fopen=0 ex. $recaptcha_request_method = '\ReCaptcha\RequestMethod\CurlPost';
  277. $recaptcha_request_method = null;
  278.  
  279. ## Default action
  280. # change
  281. # sendtoken
  282. # sendsms
  283. $default_action = "change";
  284.  
  285. ## Extra messages
  286. # They can also be defined in lang/ files
  287. #$messages['passwordchangedextramessage'] = NULL;
  288. #$messages['changehelpextramessage'] = NULL;
  289.  
  290. # Launch a posthook script after successful password change
  291. $posthook = "/usr/share/self-service-password/posthook.sh";