Skip to end of banner
Go to start of banner

Authentication configurations

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

The configurations can work for both NMIS and OMK, but is a requisite that SSO is configured first

Supported Versions

  • NMIS 8.7.2

  • opCharts 3.5.1

  • opEvents 2.6.3

  • opConfig 3.5.2

  • opHA 2.2.1

  • opReports 3.4.2?

Limit the number of concurrent user sessions

This feature will limit the number of sessions that a user can open at the same time. 

Some specific considerations:

  • Keep in mind to close the user session. The session time out is for user inactivity: if the user doesn’t let the server know that the sessions should be closed, it does not have other way to know if the session should be closed. 
  • All the user sessions can be removed by using the nmis8 cli tool.

Global configurations

Should be specified in nmis (/usr/local/nmis8/conf/Config.nmis) and omk (/usr/local/omk/conf/opCommon.json) configuration: 

'max_sessions_enabled' = true/false => False by default
'max_sessions' = 0...N => No default. Should be specified
'session_dir' => '<nmis_var>/nmis_system/user_session', => Don't need to change. Should be the same for OMK and NMIS. 

The number of max sessions can be changed by user. This is a setting modified in the nmis users file, /usr/local/nmis8/conf/Users.nmis:

  'testuser' => {
    'admission' => 'true',
    'groups' => 'network,123,ABC_Corp,Amazon,Any_Company,Branches,Cloud,Core_Network,DataC$
    'privilege' => 'operator',
    'user' => 'testuser',
    'max_sessions' => 10
  },


How to remove the sessions for one user

It is possible to remove all the open session for an user, using the nmis cli tool: 

/usr/local/nmis8/bin/nmis.pl type=clean_sessions user=USERNAME debug=1

if USERNAME = ALL, it will clean the sessions for all the users. 

Block a user not logged in certain period of time

It is possible to block a user if has not logged in for a specified period of time. For example, when set to 3 months, the system will lock an user is has not logged in in the last 3 months. 

  • If an user is not logged in, won't be locked. 
  • The last login time for an user will only be tracked once this versions are update. 

Global configurations

Should be specified in nmis (/usr/local/nmis8/conf/Config.nmis) and omk (/usr/local/omk/conf/opCommon.json) configuration: 

'expire_users' => 'true/false',
'expire_users_after' => 86400 * 90 # Seconds, this is 3 months
'last_login_dir' => '<nmis_var>/nmis_system' => Don't need to change. Should be the same for OMK and NMIS. 

The number of max sessions can be changed by user.

  'nmis' => {
    'admission' => 'true',
    'groups' => 'all',
    'privilege' => 'administrator',
    'user' => 'nmis'
    'expire_at' => 86400 * 30
  },


How to set up one account so the user is never locked

Just set up the user setting to 0. 

In /usr/local/nmis8/conf/Users.nmis:

  'nmis' => {
    'admission' => 'true',
    'groups' => 'all',
    'privilege' => 'administrator',
    'user' => 'nmis'
    'expire_at' => 0
  },


How to unlock an user

You can use the nmis cli tool. It should be run as root:

sudo /usr/local/nmis8/bin/nmis.pl type=unlock_user user=USERNAME debug=1



  • No labels