DOCSLIB.ORG

Configuration Management with Newfig William Lefebvre and David Snyder – CNN Internet Technologies

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Configuration Management with Newfig William Lefebvre and David Snyder – CNN Internet Technologies Auto-configuration by File Construction: Configuration Management with Newfig William LeFebvre and David Snyder – CNN Internet Technologies ABSTRACT A tool is described that provides for the automatic configuration of systems from a single description. The tool, newfig, uses two simple concepts to provide its functionality: boolean logic for making decisions and file construction for generating the files. Newfig relies heavily on external scripts for anything beyond the construction of files. This simple yet powerful design provides a mechanism that can easily build on other tools rather than a single monolithic stand- alone program. This provides for a great deal of flexibility while maintaining simplicity. The language is a combination of boolean logic and output statements, and also provides for macros and other essential elements. All output is written to channels: an abstraction which provides for extensive configurability. Examples are provided that show the tool’s power and flexibility. A description is also provided of the efforts undergone at CNN to integrate this tool in to a sizable infrastructure. The paper concludes with a discussion of future improvements. Introduction When we sought out a tool for automated sys- tems configuration, we were looking for certain prop- As the number of systems in an infrastructure grows, the administration problem grows with it. erties that we believe would be beneficial in our envi- Unless the engineering staff grows accordingly, at some ronment. We wanted the system to be idempotent, point the management of the systems will need to be congruent, deterministic, transportable, extensible, and automated. This realization is nothing new, and several fail-safe. We wanted a specification language that was successful tools have been developed to meet this need. both clear and concise, to minimize training and maxi- mize understanding. When a tool could not be found Configuration data used by a system to control that met all of these criteria, we set out to design a how it behaves can be broken down into three basic new solution to the problem. The result, newfig, takes categories: information which is unique to a system, a new approach to the problem while providing all of information which is common to a proper subset of the qualities that we believe are important. As a result, systems, and information which is common to all sys- very little is built in to newfig. Instead it is a frame- tems in the infrastructure. Unique information includes work which can utilize other tools and scripts to a system’s hostname, local disk partitions, and network accomplish results. Rather than provide a wide range address assignments. Global information includes such files as /etc/services and /etc/networks. The partially of built-in mechanisms, newfig uses file construction global information is the most interesting: it is com- as its only primitive operation. Its configuration is a mon across systems which share a similar function but purely declarative language based on boolean logic. not necessarily others. The task of configuring a sys- The files that newfig constructs, called channels, can tem requires that all of this information be in place and be used to replace existing files on the system or as correct. The most complicating factor in achieving a input to external programs (including scripts). As a correct configuration is in the management of files result, the system is naturally extensible. Newfig is which combine data from more than one category. used to generate input for and monitor the execution of the programs and scripts which perform the actual A file that only contains unique data can be modifications to the system. It provides a structure copied into place when a system is installed. Such files around which system administrators can do what they are rarely touched after system installation. Files that do best: automate through scripting. We believe that contain only global information can be easily updated from a central repository. Likewise, files that contain the resulting system meets all our initial design goals partially global information can be updated from a cen- and provides us with an excellent platform for auto- tral authority provided there is some mechanism that mated configuration. distinguishes among the different classes of systems Related Work and is able to determine which data are appropriate for the system. However, when a file contains a mixture of Prescriptions [8] is a declarative language for these data categories, its maintenance becomes signifi- describing the desired state of configuration for dis- cantly more difficult. This is most noticeable in files tributed systems. It provides mechanisms for specify- such as fstab, inetd.conf, hosts.allow, rc script directo- ing operations that may be used to bring systems into ries, and sometimes passwd. conformance with a specification. However, it does 2004 LISA XVIII – November 14-19, 2004 – Atlanta, GA 93 Auto-configuration by File Construction: Configuration Management with Newfig LeFebvre and Snyder not seem to provide mechanisms for file distribution changes is provided to the tool, and it ensures that and synchronization. We have not been able to find those changes are carried out on each system in an recent work on this project since Thornton’s 1994 exact order. ISconf version 2 requires that the descrip- technical report. tion be created and maintained manually, whereas later CFengine [1] is the most widely known work in versions provide more automated ways for generating this area. It is to automated systems configuration the description. The basic premise of ISconf is that what awk(1) is to scripting. The main concepts are ‘‘order matters’’: it is easier to replicate the order in patterns, actions, and an execution context that is man- which operations are conducted than it is to determine aged by an interpreter. It provides a rich body of built- and accommodate the interactions of those operations. in actions, but has little room for expansion beyond Like newfig, ISconf implements congruence. The dif- that set. The configuration drives actions to perform ficulty with ISconf is the monotonic increase to the on a system, whereas newfig provides a description of description and the steps required to recreate a system. the desired target for the system and enforces con- As changes are piled on top of changes, the time formity to that description. CFengine implements con- required to build or rebuild a system continues to vergence by providing a mechanism that brings a sys- increase. Although preservation of the order of tem closer to an ideal. In our environment we sought a changes is sufficient to achieve congruence, it is our tool that implements congruence, which is a tighter belief that it is not necessary. standard than convergence. The idea of file construc- Design tion is not central to CFengine, and a CFengine con- figuration that uses such a methodology tends to be Newfig is a system designed to provide for the cumbersome. CFengine is also not able to remove automatic configuration of individual machines from a changes implicitly: such steps must be explicitly given common description. Boolean algebra is used to con- in the configuration. trol the generation of output to a number of channels. Each channel can be used to control the contents and Psgconf [6] takes a highly modular approach to characteristics of a file. Channels can also be used as configuration management, providing hooks for vari- input to scripts for operations which are more compli- ous data stores, policy rules, and actions. The configu- cated than basic file construction. All channel defini- ration parsing is order dependent, making psgconf a tions are part of the configuration, allowing the func- procedural configuration tool rather than declarative, tionality of newfig to be extended with ease. Newfig is which has some advantages and some drawbacks. designed to be idempotent, transportable, extensible, Site [3] uses declarative statements to describe conformant (rather than convergent), and fail-safe. the configuration of a computing site at three levels of The configuration consists of a series of boolean abstraction. At the lowest levels, drivers written in C phrases interspersed with output statements. Boolean are used to construct the contents of configuration algebra is used as the logical structure for the newfig files. The paper describes a prototype implementation configuration language. Clauses are used to infer the only. In contrast, newfig provides no restrictions on the logical value of a symbol from other symbols. The language used to construct channels, which is good for algebra supports the three basic logical operations: admins who have long since shed their systems pro- and, or, not. Parentheses are also recognized for gramming scales (or never had them to begin with). grouping operations. Between the boolean clauses are PIKT [5] is an interpreted scripting language, statements that send lines to channels. Each channel preprocessor, and scheduler that is primarily intended must be explicitly defined in the configuration along to monitor systems, reporting problems and taking with its characteristics. A channel can be associated corrective action when possible. Over time, it has been with a file, in which case its contents becomes that of extended to include configuration management fea- the file. A channel can also be associated with an tures, but most of the terminology in the language is external command or script, in which case the script is built around monitoring. For example, scheduling used to process the channel’s contents. External com- periodic execution of a script involves adding it to the mands are also used to perform syntax and semantic ‘‘alarms’’ section of the alerts.cfg file. checks of channels’ content to ensure correctness. Radmind [2] takes a file based approach to con- Processing is performed in several distinct figuration management by integrating intrusion detec- phases in newfig: read, intrinsic definition, inference, tion with centralized system management.
Load more

Recommended publications
  • CIS IBM AIX 7.1 Benchmark V1.1.0 - 09-20-2013
    CIS IBM AIX 7.1 Benchmark v1.1.0 - 09-20-2013 http://benchmarks.cisecurity.org The CIS Security Benchmarks division provides consensus-oriented information security products, services, tools, metrics, suggestions, and recommendations (the “SB Products”) as a public service to Internet users worldwide. Downloading or using SB Products in any way signifies and confirms your acceptance of and your binding agreement to these CIS Security Benchmarks Terms of Use. CIS SECURITY BENCHMARKS TERMS OF USE BOTH CIS SECURITY BENCHMARKS DIVISION MEMBERS AND NON-MEMBERS MAY: Download, install, and use each of the SB Products on a single computer, and/or Print one or more copies of any SB Product that is in a .txt, .pdf, .doc, .mcw, or .rtf format, but only if each such copy is printed in its entirety and is kept intact, including without limitation the text of these CIS Security Benchmarks Terms of Use. UNDER THE FOLLOWING TERMS AND CONDITIONS: SB Products Provided As Is. CIS is providing the SB Products “as is” and “as available” without: (1) any representations, warranties, or covenants of any kind whatsoever (including the absence of any warranty regarding: (a) the effect or lack of effect of any SB Product on the operation or the security of any network, system, software, hardware, or any component of any of them, and (b) the accuracy, utility, reliability, timeliness, or completeness of any SB Product); or (2) the responsibility to make or notify you of any corrections, updates, upgrades, or fixes. Intellectual Property and Rights Reserved. You are not acquiring any title or ownership rights in or to any SB Product, and full title and all ownership rights to the SB Products remain the exclusive property of CIS.
    [Show full text]
  • Autoconf.Pdf
    Autoconf Creating Automatic Configuration Scripts for version 2.66, 2 July 2010 David MacKenzie Ben Elliston Akim Demaille This manual (2 July 2010) is for GNU Autoconf (version 2.66), a package for creating scripts to configure source code packages using templates and an M4 macro package. Copyright c 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, with the Front-Cover texts being \A GNU Manual," and with the Back-Cover Texts as in (a) below. A copy of the license is included in the section entitled \GNU Free Documentation License." (a) The FSF's Back-Cover Text is: \You have the freedom to copy and modify this GNU manual. Buying copies from the FSF supports it in developing GNU and promoting software freedom." i Table of Contents 1 Introduction::::::::::::::::::::::::::::::::::::: 1 2 The GNU Build System:::::::::::::::::::::::: 3 2.1 Automake:::::::::::::::::::::::::::::::::::::::::::::::::::::: 3 2.2 Gnulib ::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 3 2.3 Libtool::::::::::::::::::::::::::::::::::::::::::::::::::::::::: 4 2.4 Pointers:::::::::::::::::::::::::::::::::::::::::::::::::::::::: 4 3 Making configure Scripts :::::::::::::::::::::: 5 3.1 Writing `configure.ac' ::::::::::::::::::::::::::::::::::::::::
    [Show full text]
  • Freebsd Command Reference
    FreeBSD command reference Command structure Each line you type at the Unix shell consists of a command optionally followed by some arguments , e.g. ls -l /etc/passwd | | | cmd arg1 arg2 Almost all commands are just programs in the filesystem, e.g. "ls" is actually /bin/ls. A few are built- in to the shell. All commands and filenames are case-sensitive. Unless told otherwise, the command will run in the "foreground" - that is, you won't be returned to the shell prompt until it has finished. You can press Ctrl + C to terminate it. Colour code command [args...] Command which shows information command [args...] Command which modifies your current session or system settings, but changes will be lost when you exit your shell or reboot command [args...] Command which permanently affects the state of your system Getting out of trouble ^C (Ctrl-C) Terminate the current command ^U (Ctrl-U) Clear to start of line reset Reset terminal settings. If in xterm, try Ctrl+Middle mouse button stty sane and select "Do Full Reset" exit Exit from the shell logout ESC :q! ENTER Quit from vi without saving Finding documentation man cmd Show manual page for command "cmd". If a page with the same man 5 cmd name exists in multiple sections, you can give the section number, man -a cmd or -a to show pages from all sections. man -k str Search for string"str" in the manual index man hier Description of directory structure cd /usr/share/doc; ls Browse system documentation and examples. Note especially cd /usr/share/examples; ls /usr/share/doc/en/books/handbook/index.html cd /usr/local/share/doc; ls Browse package documentation and examples cd /usr/local/share/examples On the web: www.freebsd.org Includes handbook, searchable mailing list archives System status Alt-F1 ..
    [Show full text]
  • Bootstrap Protocol, BOOTP, Is the Recommended Way to Establish Communications from the Host to the Printer in an Internet Protocol Environment
    BOOTP Bootstrap protocol, BOOTP, is the recommended way to establish communications from the host to the printer in an internet protocol environment. BOOTP obtains booting data from the bootptab file. With the proper information stored in the bootptab file, the printer can find its own name and IP address and boot from the network without any intervention, even for a first time boot. 1. Verify that the bootpd and bootptab files are in the correct directories: UNIX: /etc or /usr/etc directory OS/2: \TCPIP\ETC (for bootptab) and \TCPIP\BIN (for bootpd) LAN Server: MPTN\ETC (for bootptab) and \MPTN\BIN (for bootpd) Type: ls bootp* 2. Edit the hosts file to add the printer internet addresses and names: 128.07.60.30 P340-mktg 128.07.60.31 P340-sales For OS/2, use the TCP/IP Configuration Notebook under the Services tab to add the printer internet addresses and names. 3. Some UNIX hosts may require an explicit update to the arp table to add the new entries. This command is host-specific; check your host documentation for details. arp -s ether P340-mktg 08:00:11:01:00:45 arp -s ether P340-sales 08:00:11:01:00:46 The ether switch indicates that you are providing an Ethernet address. 4. Set up the bootptab file. 5. Start or restart the inetd or bootpd daemon. For OS/2 Warp, LAN Server 4.0, and UNIX, use the bootpd daemon. Here is a sample bootptab file; check your host system documentation to see which fields your implementation of BOOTP supports.
    [Show full text]
  • 1.113.1 Configure and Manage Inetd, Xinetd, and Related Services Weight
    1.113.1 Configure and manage inetd, xinetd, and related services Weight 4 1.113.1 Angus Lees Context Configure and manage inetd, xinetd, and Objective inetd, xinetd related services tcpwrappers Weight 4 xinetd License Of This Linux Professional Institute Certification — 102 Document Angus Lees [email protected] Geoffrey Robertson [email protected] Nick Urbanik [email protected] This document Licensed under GPL—see section 6 2005 July 1.113.1 Configure and manage Outline inetd, xinetd, and related services Weight 4 Angus Lees Context Objective inetd, xinetd tcpwrappers xinetd inetd.conf License Of This Context Document tcpwrappers Objective xinetd inetd, xinetd License Of This Document 1.113.1 Configure and manage Topic 113 Networking Services [24] inetd, xinetd, and Where we are up to related services Weight 4 Angus Lees Context Objective 1.113.1 Configure and manage inetd, xinetd, and inetd, xinetd related services [4] tcpwrappers xinetd 1.113.2 Operate and perform basic configuration of License Of This sendmail [4] Document 1.113.3 Operate and perform basic configuration of Apache [4] 1.113.4 Properly manage the NFS, smb, and nmb daemons [4] 1.113.5 Setup and configure basic DNS services [4] 1.113.7 Set up secure shell (OpenSSH) [4] 1.113.1 Configure and manage Description of Objective inetd, xinetd, and 1.113.1 Configure and manage inetd, xinetd, and related services related services Weight 4 Angus Lees Context Objective inetd, xinetd Candidates should be able to configure tcpwrappers which services are available through xinetd License Of This inetd, use tcpwrappers to allow or deny Document services on a host-by-host basis, manually start, stop, and restart internet services, configure basic network services including telnet and ftp.
    [Show full text]
  • Network Programming TDC 561 Lecture # 5: Multiservice and Multiprotocols Servers
    Network Programming TDC 561 Lecture # 5: Multiservice and Multiprotocols Servers Dr. Ehab S. Al-Shaer School of Computer Science & Telecommunication DePaul University Chicago, IL 1 select() Review int select( int maxfd, fd_set *readset, fd_set *writeset, fd_set *excepset, const struct timeval *timeout); maxfd : highest number assigned to a descriptor. readset: set of descriptors we want to read from. writeset: set of descriptors we want to write to. excepset: descriptors to watch for exceptions. timeout: maximum time select should wait 2 Dr. Ehab Al-Shaer/Network Programming select() Review ❂ select() components (e.g., p. 143) • passive (original) mailbox, afds: FD_SET and FD_CLR • active (operational) mailbox, rfds:FD_ISSET ❂ When to use it • I/O Multiplexing • Non-blocking • High-precision timer 3 Dr. Ehab Al-Shaer/Network Programming 1 Multiprotocol Servers ❂ Provides a single service using TCP or UDP ❂ Motivation • less overhead • No need for replication control • maintainability • extendibility for more protocols 4 Dr. Ehab Al-Shaer/Network Programming Multiprotocol Servers ❂ Algorithm 1. Create a passive UDP socket (usock) and passive TCP socket (tsock), Bind to a port 2. Use select() to monitor usock and tsock 3. 3. If tsock is READY 3.1. Accept connections 3.2. Read and Write 3.3. Close if finish 4. If usock is READY 4.1. Receive and Send 5. Go to 2 ❂ Example (daytimed.c, P. 150) • Is it truly concurrent? 5 •No read in tsock,Dr. Ehab and Al-Shaer/Network no close Programmingin usock, WHY? Multiservice Servers ❂ A single server that provides multiple services ❂ Motivation • less execution overhead • less code ❂ Algorithm for connectionless servers 1.
    [Show full text]
  • UNIX System Servicesplanning
    z/OS Version 2 Release 3 UNIX System Services Planning IBM GA32-0884-30 Note Before using this information and the product it supports, read the information in “Notices” on page 409. This edition applies to Version 2 Release 3 of z/OS (5650-ZOS) and to all subsequent releases and modifications until otherwise indicated in new editions. Last updated: 2019-03-26 © Copyright International Business Machines Corporation 1996, 2018. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents List of Figures...................................................................................................... xv List of Tables......................................................................................................xvii About this document...........................................................................................xix Using this document..................................................................................................................................xix z/OS information........................................................................................................................................xix Discussion list.......................................................................................................................................xix How to send your comments to IBM.....................................................................xxi If you have a technical problem................................................................................................................xxi
    [Show full text]
  • IBM I: TCP/IP Troubleshooting • a Default Route (*DFTROUTE) Allows Packets to Travel to Hosts That Are Not Directly Connected to Your Network
    IBM i Version 7.2 Networking TCP/IP troubleshooting IBM Note Before using this information and the product it supports, read the information in “Notices” on page 71. This document may contain references to Licensed Internal Code. Licensed Internal Code is Machine Code and is licensed to you under the terms of the IBM License Agreement for Machine Code. © Copyright International Business Machines Corporation 1997, 2013. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents TCP/IP troubleshooting......................................................................................... 1 PDF file for TCP/IP troubleshooting............................................................................................................ 1 Troubleshooting tools and techniques........................................................................................................1 Tools to verify your network structure...................................................................................................1 Tools for tracing data and jobs.............................................................................................................15 Troubleshooting tips............................................................................................................................ 31 Advanced troubleshooting tools..........................................................................................................66 Troubleshooting problems related
    [Show full text]
  • Administration Guide Administration Guide SUSE Linux Enterprise Server 15 SP1
    SUSE Linux Enterprise Server 15 SP1 Administration Guide Administration Guide SUSE Linux Enterprise Server 15 SP1 Covers system administration tasks like maintaining, monitoring and customizing an initially installed system. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xxii 1 Available Documentation xxiii 2 Giving Feedback xxv 3 Documentation Conventions xxv 4 Product Life Cycle and Support xxvii Support Statement for SUSE Linux Enterprise Server xxviii • Technology Previews xxix I COMMON TASKS 1 1 Bash and Bash
    [Show full text]
  • Solaris Benchmark V1.3.0 (For Solaris 2.5.1 and Later Releases)
    Solaris Benchmark v1.3.0 (for Solaris 2.5.1 and later releases) Copyright 2001-2004, The Center for Internet Security http://www.CISecurity.org/ ii Solaris Benchmark v1.3.0 June 17, 2004 Copyright 2001-2004, The Center for Internet Security (CIS) TERMS OF USE AGREEMENT Background. The Center for Internet Security ("CIS") provides benchmarks, scoring tools, software, data, information, suggestions, ideas, and other services and materials from the CIS website or elsewhere (“Products”) as a public service to Internet users worldwide. Recommendations contained in the Products (“Recommendations”) result from a consensus-building process that involves many security experts and are generally generic in nature. The Recommendations are intended to provide helpful information to organizations attempting to evaluate or improve the security of their networks, systems, and devices. Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a “quick fix” for anyone’s information security needs. No Representations, Warranties, or Covenants. CIS makes no representations, warranties, or covenants whatsoever as to (i) the positive or negative effect of the Products or the Recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness, or completeness of the Products or the Recommendations. CIS is providing the Products and the Recommendations “as is” and “as available” without representations, warranties, or covenants of any kind. User Agreements. By using the Products and/or the Recommendations, I and/or my organization (“We”) agree and acknowledge that: 1.
    [Show full text]
  • Cx Odbc Driver Installation Guide
    CX ODBC Driver Installation Guide Copyright 2001 Jenazabar, Inc. You may print any part or the whole of this documentation to support installations of Jenzabar software. Where the documentation is available in an electronic format such as PDF or online help, you may store copies with your Jenzabar software. You may also modify the documentation to reflect your institution's usage and standards. Permission to print, store, or modify copies in no way affects ownership of the documentation; however, Jenzabar, Inc. assumes no responsibility for any changes you make. Filename: inodbc Distribution date: 08/30/2001 Contact us at www.jenzabar.com Jenzabar CX, and QuickMate are trademarks of Jenzabar, Inc. INFORMIX, PERFORM, and ACE are registered trademarks of the IBM Corporation Impromptu, PowerPlay, Scenario, and Cognos are registered trademarks of the Cognos Corporation UNIX is a registered trademark in the USA and other countries, licensed exclusively through X/Open Company Limited Windows is a registered trademark of the Microsoft Corporation All other brand and product names are trademarks of their respective companies JENZABAR, INC. CX ODBC DRIVER INSTALLATION GUIDE TABLE OF CONTENTS INTRODUCTION........................................................................................................................................... 1 Overview................................................................................................................................................. 1 Operation of the ODBC Link..................................................................................................................
    [Show full text]
  • The Children's Hospital
    AIX Certification Checklist Introduction: This guide contains procedures that follow best practices in the security industry. Follow these steps to secure an AIX machine. These steps will help prevent threat agents from exploiting known vulnerabilities. Procedure: Check for most recent updates that will need to be performed subsequent to installation. o Run oslevel –r to determine your maintenance level o Go to http://techsupport.services.ibm.com/server/criticalfixes3/criticalfixes.html and select your package o If your level is greater than what is listed on the site, there are no critical patches for your system at this time Install security patches retrieved before continuing. Check the Trusted Computing Base of the machine: o Use the tcbck command to check the security level of elements of the system: tcbck –y ALL o This causes the tcbck command to check the installation of each file in the tcbck database described by the /etc/security/sysck.cfg file. o Check the integrity of the file system tree with the tchck command: tcbck –t tree o Do *not* run tcbck –y tree. This will delete and disable devices that are not properly listed in the TCB and might disable your system. Set up login controls in the /etc/security/login.cfg file as follows: Attribute Applies to PtYs Applies to TTYs Recommended Comments (Network) Value sak_enabled Y Y False The Secure Attention key is rarely needed logintimes N Y Specify allowed login times here logindisable N Y 4 Disable login on this terminal after 4 consecutive failed attempts logininterval N Y 60 Terminal will be disabled when the specified invalid attempts have been made within 60 seconds loginreenable N Y 30 Re-enable the terminal after it was automatically disabled after 30 minutes logindelay Y Y 5 The time in seconds between login prompts.
    [Show full text]