APPENDIX 1: System Config Manager Parameters
Parameter Name | Description | Sample Parameter Value | Restart Required |
aioc.alert.notification.mail.address | If this parameter is set, a notification is also sent to specific users. If it’s not set, the notification is only sent to the related manager. | | NO |
aioc.available.jdbc.drivers | This parameter is used to set the requested database types, separated by commas (","). | oracle.jdbc.driver.OracleDriver,org.postgresql.Driver,com.microsoft.sqlserver.jdbc.SQLServerDriver,com.mysql.jdbc.Driver,org.apache.cassandra.cql.jdbc.CassandraDriver,com.teradata.jdbc.TeraDriver,org.apache.hive.jdbc.HiveDriver,org.apache.hive.jdbc.DB2Driver,cdata.jdbc.couchbase.CouchbaseDriver | NO |
aioc.backup.backupdir | Backup directory path in Kron PAM. The file path “/u01/backup” must be manually created in Kron PAM before starting backup. The backup file is created in this path first, then it is transferred to the path defined in “aioc.backup.ftp.dirname” parameter. | | YES |
aioc.backup.ftp.server.ip | Server IP the Backup file will be transferred to. | | YES |
aioc.backup.ftp.username | Username to connect to the ftp server defined with the “aioc.backup.ftp.server.ip” parameter. | | YES |
aioc.backup.ftp.password | Password of the user defined with the “aioc.backup.ftp.username” parameter. The parameter must be defined with a “yes” encryption option. | | YES |
aioc.backup.ftp.dirname | Directory path where the backup file will be sent to in the target ftp server defined with the “aioc.backup.ftp.server.ip” parameter. | | YES |
aioc.backup.diskspace.min.gbyte | Required disk space for ftp server to transfer backup file. The value should be set according to the size of the database to be backed up. | | YES |
aioc.command.provisioning.c3p0.PreferredTestQuery | Defines the query that will be executed for all connection tests if the default ConnectionTester is being used. Defining a preferredTestQuery that will execute quickly in the database may dramatically speed up Connection tests. | SELECT 1 FROM DUAL | NO |
aioc.connection.reservation.expiration.alert.before.values | This parameter sets an expiry notification to be sent n days before the end of the connection reservation. | Ex: 1 | NO |
aioc.device.available.interface.names | This parameter is used to define an interface name for devices with the same IP address, so they can be distinguished during connection. | E.g: interface_1, interface_2 | YES |
aioc.device.group.property.keys | This parameter is used to define device group properties. | Default value is null. Example values: tag.Name,tag.Region,addDeviceSshKeyToUserSelection | NO |
aioc.email.domains | Set this parameter with related email domains. (More than one domain can be added with a comma. Ex: SingleConnect.com, abc.com) | gmail.com, SingleConnect.com | NO |
aioc.force.end.user.to.react.interface | Set this parameter to true to force the following users to the new end-user interface: users that are not in the system.admins group; users that are not in a group with the Admin Group flag; users that are not named admin. Defaults to false. | true, false | NO |
aioc.instead.of.ad.line.manager | This parameter defines where approval requests are directed in place of a missing AD Line Manager. All requests are directed there when the AD Line Manager is not imported to Kron PAM or the AD Line Manager is missing. | | NO |
aioc.languages | This parameter sets the preferred language as options in GUI. More than one language preference can be added with a comma separator. | en_US, ru_RU, ko_KR | NO |
aioc.nsso.active | This parameter is used to activate the nsso module in aioc and grant SSH Proxy rights to Kron PAM. | true | NO |
aioc.portal.disallow.multi.login | This parameter enables or restricts multi login on the Kron PAM GUI | true, false | NO |
aioc.portal.session.idletime.minute | This parameter defines the time in minutes to disconnect the session if the user is inactive. | 45 | YES |
aioc.portal.session.idletime.warning.before.min | This parameter defines how many minutes before the session ends the warning is given. | 5 | NO |
aioc.portal.allowed.ip.for.admin.users | This parameter restricts users in the admin group to access only from the set IP address(es). | 10.20.42.55,10.20.42.50 | NO |
aioc.region.field.visibility | If this parameter is set as “true”, the region field is visible in the New Device Discovery Screen in the Device Inventory. If it is set as “false”, the region field is not visible in the New Device Discovery Screen in the Device Inventory. If this parameter is not set, a controller/controlled license is required to visualize the region field. | | |
aioc.locking.ad.user.enabled | This parameter makes AD users lockable. AD users will be locked for failed login attempts and inactivity cases, the same as local users. | true | NO |
aioc.session.play.alert.mail.address | Users can enter one or more email addresses, separated by commas, in this parameter to specify where alert notifications are sent when someone views a "Play Session" in the "Session Logs". | | NO |
aioc.show.react.gui.button | If this parameter is set as false, the button for previewing the new GUI doesn’t appear. Defaults to false. | true, false | YES |
show.sc.portal.login.domain | If more than one domain exists on Kron PAM, users are able to select a domain on the WEB GUI login screen. This functionality is available only for the Web GUI. | True,false | NO |
aioc.timezone | It can be defined as "New York USA" or "GMT-5" or "Etc/GMT-5". For all those 3 definitions, time will show "... (GMT-05:00)". If the parameter is defined, time in emails will be converted to the defined time zone, otherwise, the system zone of the server sending the email will be used. | | |
aioc.user.group.property.keys | This parameter defines the user group properties. | allowSftpInSshDevices | YES |
aioc.user.password.algorithm | This parameter sets the preferred algorithm to encode user passwords. Possible algorithms are defined in the examples. | E.g.: MD5 (default), SHA256, SHA384, SHA512, and NTLM | YES |
aioc.user.group.change.notifier.enabled | When a user group is edited or a user is added/deleted, a notification mail is sent to the group manager. Set this parameter to false to disable sending notification emails. Defaults to true. | false | NO |
aioc.user.password.log.check.count | This value checks whether the user's new password matches older passwords. (Ex: If it is 2, it checks last 2 passwords) | 2 | NO |
aioc.users.default.password.strength | This parameter is used to set the preferred User Password Strength Level according to predefined levels: 0: None; 1: Password length must be at least 5 characters; 2: Password length must be at least 5 characters / Number required; 3: Password length must be more than 7 characters / Upper-Lower Case, Number, Special Character required; 4: Password length must be more than 15 characters / Upper-Lower Case, Number, Special Character required. | 0 | NO |
allow.changing.reservation.time.by.approver | This parameter allows the approver to change the reservation time duration during approval. Default value is false. | true,false | NO |
approval.sms.http.encoding | Encoding format. See 5.3.6 Approval Workflow SMS Settings. | Alternative Values: UTF-8, UTF-16BE | |
approval.sms.http.headers | HTTP SMS Header. See 5.3.6 Approval Workflow SMS Settings. | Ex: Content-Type:text/xml | |
approval.sms.http.url | SMS sender http URL. See 5.3.6 Approval Workflow SMS Settings. | Ex: http://api.smsexample.com/v1/send-sms | |
approval.status.change.to.expire | When the defined time to approve the instant connection ends, the request status changes from “Waiting“ to “Expired" if not approved by approver/s. | Ex:10, | |
approval.workflow.level.timeout.period.values | The timeout period value alternatives for Approval Workflow settings, separated by commas. See 5.3.5 Approval Workflow for details. Default values are: 30 minutes, 2 hours, 1 day | Ex: 30m,2h,1d | NO |
auto.approve.when.requester.is.approver | When the approver is also the requester, approval is automatically given. The default value is false | true, false | NO |
cookie.warning.message.content | This parameter is used to inform users that cookies are being used. | At Kron, we deeply respect your privacy, and we are dedicated to ensuring that your journey with our product is nothing short of exceptional. Our commitment to delivering the best experience possible leads us to employ cookies. These tiny pieces of data play a crucial role in enhancing your interaction with our platform. By utilizing cookies, we can offer personalized settings and preferences that align with your unique needs. Thank you for choosing KronPAM. We look forward to continuing to enhance your experience and provide you with a product that aligns perfectly with your needs and expectations. | NO |
command.approval.sms.http.body | Template for SMS messages to be sent for command approval through HTTP. See 5.3.6 Approval Workflow SMS Settings. | | |
command.approval.sms.smpp.body | Template for SMS messages to be sent for command approval through SMPP. See 5.3.6 Approval Workflow SMS Settings. | | |
connection.approval.sms.http.body | Template for SMS messages to be sent for connection approval through http. See 5.3.6 Approval Workflow SMS Settings. | | |
connection.approval.sms.smpp.body | Template for SMS messages to be sent for connection approval through SMPP. See 5.3.6 Approval Workflow SMS Settings. | | |
device.database.source | This parameter defines the external device database IP addresses. Multiple values must be separated by “;”. The parameter is used to add/discover devices from external device databases. | E.g: 10.10.10.10;20.20.20.20 | NO |
device.database.url_n | JDBC URL address for database connection. The parameter is used to add/discover devices from external device databases. | E.g: device.database.url_0 = jdbc:postgresql://10.10.10.10:5432/databasename | YES |
device.database.user_n | External database username. The parameter is used to add/discover devices from external device databases. | E.g.: DB_1 | YES |
device.database.password_n | External database password. The parameter is used to add/discover devices from external device databases. | must be set as "yes" | YES |
device.database.sql_n | SQL Query to import devices. IP address, hostname, element type specifier, and one of the tag values are mandatory. The parameter is used to add/discover devices from external device databases. | E.g: device.database.sql_0 = SELECT "dynName" AS IP_ADDRESS, server AS HOSTNAME, os AS ELEMENT_TYPE_SPECIFIER , id AS PORT, os as TAG_OS, site as TAG_SITE FROM devicedatabase | YES |
device.database.driver_n | Database driver for external database connection. The parameter is used to add/discover devices from external device databases. | E.g: device.database.driver_0 = org.postgresql.Driver | YES |
disable.instant.approval.for.http | This parameter checks the WF-level check box ("disable instant approval"). All HTTP approvals are disabled when this parameter is set as true. Default value is false. | true,false | NO |
disable.instant.approval.for.rdp | This parameter checks the WF-level check box ("disable instant approval"). All RDP approvals are disabled when this parameter is set as true. Default value is false. | true,false | NO |
disable.instant.approval.for.sftp | This parameter checks the WF-level check box ("disable instant approval"). All SFTP approvals are disabled when this parameter is set as true. Default value is false. | true,false | NO |
disable.instant.approval.for.ssh | This parameter checks the WF-level check box ("disable instant approval"). All SSH approvals are disabled when this parameter is set as true. Default value is false. | true,false | NO |
export.securecrt.role.groups | This parameter determines whether to include the roles of device groups in the exporting folder. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | true | YES |
export.securecrt.script.extension | This parameter determines the type of script file of the exporting devices. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | js | YES |
export.securecrt.shorten.names | If this parameter is saved as true, the parent device group name is discarded from the device group names. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | true | YES |
export.securecrt.single.script | This parameter determines whether to include a script file in the exporting folder. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | true | YES |
export.securecrt.templates.dir | This parameter defines the directory folder for devices. The parameter is used to export device lists for SecureCRT. SecureCRT is a commercial SSH, Telnet client, and terminal emulator. | ${netright.home}/templates/securecrt | YES |
hsm.enabled | A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication, and provides crypto processing. Kron PAM can encrypt and decrypt data with the key that HSM provides. Set these parameters according to the Hardware Security Module (HSM) device. | true | YES |
hsm.method | | Client | YES |
hsm.provider.classname | | com.ncipher.provider.km.nCipherKM | YES |
hsm.keystore.type | | nCipher.sworld | YES |
hsm.keystore.alias | | secureworld | YES |
hsm.keystore.load.password | | xxx | YES |
hsm.keystore.entry.password | | xxx | YES |
hsm.secretkey.algorithm | | AES | YES |
iga.2fa.token.timestep | Defines the token validity period | (in seconds) Default is 30 | YES |
iga.2fa.sms.http.body | HTTP request body for sending SMS | HTTP body value | NO |
iga.2fa.sms.http.headers | Headers included in the SMS HTTP request | HTTP headers value | NO |
iga.2fa.sms.http.secret.body | Secret data added to the HTTP request for security | Secret data added to the HTTP request for security | NO |
iga.2fa.sms.http.url | URL used for sending SMS via HTTP | HTTP URL | NO |
iga.2fa.sms.smpp.body | SMS message content when using the SMPP protocol | SMPP body value | NO |
iga.2fa.sms.smpp.secret.body | Secret data in the SMPP SMS message body | SMPP secret data value | NO |
iga.2fa.use.external.mobile.app | Allows MFA Client applications such as Google Authenticator or Microsoft Authenticator to run. The default value is false | true | YES |
kron.cripto.aes.key | This parameter defines the key to hide sensitive data. | IQtn5Fh70qhOeKnEDNKLcIZREHoWwhWdfmG0uOyKMtc= | YES |
legal.notice.enabled | Customers can set up a legal disclaimer message to appear at the start of RDP or VNC sessions. This parameter must be set as “true” to show the message. This parameter is used to set up a legal disclaimer message. Restart of the web portal service is needed after configurations. | true, false | NO |
legal.notice.text | The text to be shown as a legal disclaimer message. This parameter is used to set up a legal disclaimer message. Restart of the web portal service is needed after configurations. | <text> | NO |
mail.templates.dir | This parameter defines the default mail template directory. Kron PAM sends emails to group admins to notify them of new user requests, password manager actions, command authorization requests, etc. Kron PAM also sends password reset emails and MFA activation token emails. In order to achieve these actions, email settings have to be configured on Kron PAM using the Mail Config screen in the System Config Manager menu. | ${netright.home}/templates/mail | YES |
max.push.count.to.send.in.one.time | This parameter limits the notifications to be sent in the Mobile App to prevent overactivity of the notification system. | 10 | NO |
mobile.application.otp.enabled | This parameter is used to enable or disable multi factor authentication (MFA) for the mobile application login for its online functions. Default value is false. | true, false | NO |
mobile.application.register.token.otp.validity.seconds | The validity period for one-time passwords sent for Register Token operation (in seconds) | Integer (default value = 60) | NO |
mobile.tomcat.url | This parameter defines the Kron PAM Mobile Application Server address. | https://sc251.SingleConnect.com:9443/mobile-api/rest | NO |
multitenancy.enabled | This parameter enables Kron PAM’s multitenancy function. | true | NO |
multitenancy.tacacs.port.range | The port range to be used for the TACACS devices for the tenants should be defined with this parameter. | 50000-50100 | NO |
netright.alias | This parameter determines which modules to use in AIOC. You can set the system as Kron PAM, Single Monitor or Single Command using this parameter. | sc | NO |
netright.auth.ldap | This parameter enables or disables LDAP/AD authentication. | false | YES |
netright.auth.ldap.baseDN | This parameter defines the LDAP Base DN. Base DN is the section of the directory where the application will start searching for Users and Groups. | DC=example,DC=com | NO |
netright.auth.ldap.principal | Security principal of context set from the expression defined as uid. | uid=?,DC=example,DC=com | NO |
netright.auth.ldap.url | This parameter determines the Active Directory/LDAP hostname/ip address, port number and LDAP/LDAPS protocol. If more than one URL is used, the parameters should be separated by “,”. (e.g., ldap://10.10.10.10:389, ldaps://10.10.10.20:636) | ldap://1.1.1.1:389 | NO |
netright.auth.ldap.timeout | Timeout duration for a response from the AD/LDAP server | 1000 (default value in ms) | NO |
netright.auth.ldap.socket.timeout | Timeout period for socket connection with the AD/LDAP server | 5000 (default value in ms) | NO |
netright.auth.tacacs | This parameter determines the use of the TACACS+ authorization. | true | YES |
netright.auth.tacacs.server | This parameter defines the address of the TACACS+ server. | 127.0.0.1 | NO |
netright.auth.tacacs.server.key | This parameter defines the key of the TACACS+ server. | z7i/Z15wXHgEJRwGFAQO3A== | NO |
netright.autoddl | This parameter is set as true while upgrading Kron PAM. The value of this parameter remains false while using the system. | false | YES |
netright.baseurl | This parameter is used to configure the base URL to provide connection from a proxy service. | http://127.0.0.1:80 | NO |
netright.cache.enable | This parameter determines whether the User Interface has cache. | false | YES |
netright.content.root | This parameter defines the folder of the root content. | ${netright.home}/filerepo | YES |
netright.hidden.property.keys | This parameter stores the hidden properties. | .*.password | NO |
netright.home | This parameter defines the netright.home directory. | /u01/netright-tomcat/netright | YES |
netright.instancename | This parameter defines the Kron PAM instance name. You can use different names if you use more than one instance. The instance name is shown in the Web GUI by default. | SingleConnect | NO |
netright.jdbc.database | This parameter defines the type of Kron PAM database. | postgresql | NO |
netright.jdbc.password | This parameter defines the password of the Kron PAM database. | ***** | NO |
netright.jdbc.url | This parameter defines the address of the Kron PAM database. | jdbc:postgresql://localhost:5444/aioc | NO |
netright.jdbc.username | This parameter defines the name of the Kron PAM database. | aioc | NO |
netright.licence.file.path | This parameter defines the path of the license file. | ${netright.home}/licence.properties | NO |
netright.name | This parameter defines the header in the Kron PAM GUI. | SingleConnect | YES |
netright.version | This parameter defines the version shown in GUI. | 2.14.3 | NO |
nsso.nsso.ssl.port | This parameter defines the SSL port of the link between the SSH Proxy and Kron PAM. | 4443 | NO |
nsso.remote.desktop.base.dir | This parameter defines the folder in Kron PAM where files transferred during an RDP session are stored. | /tmp | NO |
nsso.remote.desktop.daemon.host | This parameter defines the host address of the RDP Proxy. | 127.0.0.1 | NO |
nsso.remote.desktop.daemon.port | This parameter defines the port of the RDP Proxy. | 4822 | NO |
nsso.remote.desktop.drive.sharing.enabled | This parameter is used to transfer files between RDP endpoints. When this property is set, a special folder on Kron PAM (/tmp/<username>) is shared with all the RDP endpoints as a shared drive named “G on SC RDP”. | true, false | NO |
nsso.remote.desktop.idle.threshold | Time limit to start calculation of idle time (milliseconds). If the “nsso.remote.desktop.idle.threshold” property is not set in the System Config Manager, this property value is set to 30000 ms (30 seconds) by default. | Example: 40000 | NO |
nsso.remote.desktop.key.logger.enabled | This parameter grants rights to see the RDP session logs as Key Logger. Mouse and keyboard inputs during RDP sessions can be accessed in this page. | true | NO |
nsso.remote.desktop.key.logger.hidden.key.limit | The key logger of RDP sessions logs all the key motions in clear text. This feature must be stopped to obscure certain data. When the user presses the defined key twice in a session, the key logger hides the key motions up to the limit defined in this parameter. If “nsso.remote.desktop.key.logger.hidden.key.limit” is not defined manually in the System Config Manager, the hidden key limit is 15 keys by default. | 15 | YES |
nsso.remote.desktop.key.logger.key.hiding.shortcut | This parameter is used to define the key that will disable key logging for the defined hidden limited keys. The default key is "ESC". | "ESC" | YES |
nsso.remote.desktop.ocr.enabled | This parameter grants rights to see the RDP session logs as OCR Logs. You can see the activities performed by the user during an RDP session. | true | NO |
nsso.remote.desktop.ocr.lang | This parameter is used to get OCR logs in the required language. Codes for the supported languages can be found in the Admin Guide. Multiple languages must be separated by "+". | eng+kor+tur+spa | NO |
nsso.remote.desktop.ocr.threads | This parameter defines the maximum number of threads allocated to OCR processes in multitenant environments. Default value is 2. | Ex: 2 | NO |
nsso.remote.desktop.session.duration.limit.warning.before.min | This parameter is used to determine the time a warning is shown before the session times out. | Example:4 | NO |
otp.rest.url | This parameter is used to enable MFA. The rest URL should be set as the Kron PAM Public IP and port. | Ex:http://127.0.0.1 | NO |
rdp.idle.session.timeout | User sessions can be terminated based on their idle duration. This parameter is used to set a timeout limit (minute). | Example:5 | NO |
rdp.timeout.server.response.time | This parameter is used to set timeout for the response time of the server. The connection timeout parameter is 15 seconds by default but the parameter can be configured as per the requirements (second). | Ex: 10 | NO |
sapm.job.password.change.thread.count | This parameter is used to change the number of threads running the SAPM Auto Import jobs. The default value is 5. | 5 | YES |
sapm.show.password.expiration.time.values | This parameter defines the password reservation times of SAPM Accounts. When a user makes a password reservation for an SAPM account, these time options are presented to reserve a time. | 5m,30m,2h,24h | NO |
sc.aaa.freeradius.password | This parameter defines the password to connect to the RADIUS server. | ***** | NO |
sc.aaa.freeradius.url | This parameter defines the URL address of the RADIUS server. | jdbc:postgresql://127.0.0.1:5444/aioc | NO |
sc.aaa.freeradius.username | This parameter defines the username to connect to the RADIUS server. | aioc | NO |
sc.aaa.radius.ldap.conf.path | This parameter is used to set the path of the RADIUS configuration file to insert Active Directory/LDAP parameters. | /etc/raddb/mods-available/ldap | NO |
sc.aaa.radius.restart.command | This parameter defines the command to restart the RADIUS server. The server needs to be restarted with this command to apply changes. | systemctl restart pam-radius | NO |
sc.aaa.tacacs.conf.path | This parameter is used to set the path of the TACACS+ configuration file to insert Active Directory/LDAP parameters. | /u01/kron/etc/kron_tacacs.conf | NO |
sc.aaa.tacacs.restart.command | This parameter defines the command to restart the TACACS+ server. The server needs to be restarted with this command to apply changes. | systemctl restart pam-tacacs | NO |
sc.freeradius.server | This parameter defines the address of the Free RADIUS Server. If this parameter is not equal to the requested remote address, the program will return an authorization error. | 127.0.0.1 | YES |
sc.policy.xml.dir | This parameter defines the location of the policy.xml file. | /u01/nssoapp/conf/xml | YES |
sc.portal.otp.enabled | This parameter is used to enable or disable multi factor authentication (MFA) for the Kron PAM GUI login. | true, false | NO |
sc.rdp.connection.otp.enabled | This parameter is used to enable or disable multi factor authentication (MFA) for RDP connections. (true=enabled, false=disabled) | false | NO |
sc.rdp.otp.cache.enabled | If this parameter is saved as true, the user will not be asked for OTP during the cache duration after entering OTP. | true | YES |
sc.rdp.otp.cache.seconds | This parameter defines the cache time in seconds. | 300 | YES |
sc.rdp.page.list.element.length | This parameter defines the length of the accounts and remote app names. Sometimes names can be long and do not fit in the screen. The default value is 1. | Value: Length. 1: 29 characters; 2: 36 characters; 3: 56 characters; 4: 89 characters | NO |
sc.user.group.manager.obligated.member.of.group | This parameter is used to determine whether managers will belong to the user group or not. The default value is “true”. | true, false | NO |
smpp.addressRange | The destination address range to be served by this ESME account. This parameter is optional, and SMSC settings will be applied if it is not defined. | Example: 1* (for numbers starting with 1) | YES |
smpp.addrNpi | Numeric Plan Indicator (NPI) to be used for address range parameters. This parameter is optional, and SMSC settings will be applied if it is not defined. | Alternative values: 0: Unknown; 1: ISDN (E163/E164); 3: Data (X.121); 4: Telex (F.69); 6: Land Mobile (E212); 8: National; 9: Private; 10: ERMES; 14: Internet (IP); 18: WAP Client ID | YES |
smpp.addrTon | Type of Number (TON) to be used for address range parameter. This parameter is optional, and SMSC settings will be applied if it is not defined. | Alternative values: 0: Unknown; 1: International; 2: National; 3: Network Specific; 4: Subscriber Number; 5: Alphanumeric; 6: Abbreviated | YES |
smpp.bindMode | Bind mode for the ESME account. This parameter is mandatory for sending/receiving SMS over SMPP. | Alternative values: t: transmitter; r: receiver; tr: transceiver (transmitter and receiver) | YES |
smpp.destinationNpi | Numeric Plan Indicator (NPI) parameter to be used for destination address. This parameter is optional, and SMSC settings will be applied if it is not defined. | Alternative values: 0: Unknown; 1: ISDN (E163/E164); 3: Data (X.121); 4: Telex (F.69); 6: Land Mobile (E212); 8: National; 9: Private; 10: ERMES; 14: Internet (IP); 18: WAP Client ID | YES |
smpp.destinationTon | Type of Number (TON) parameter to be used for destination address. This parameter is optional, and SMSC settings will be applied if it is not defined. | Alternative values: 0: Unknown; 1: International; 2: National; 3: Network Specific; 4: Subscriber Number; 5: Alphanumeric; 6: Abbreviated | YES |
smpp.enquireLinkPeriodMs | Period in milliseconds to make EnquireLink requests to the SMSC. EnquireLink requests are used to check the health of the connection between the ESME and target SMSC. Any value less than or equal to “0” will be defaulted to 5000 ms (5 seconds). The SMPP connection will be automatically re-established in case of SMPP connection failures during Enquire Link requests. | Ex: 10000 (in milliseconds) | YES |
smpp.ip | IP address of the SMSC. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: 10.20.40.95 | YES |
smpp.password | The password used to authenticate an ESME account defined in SMSC. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: netright | YES |
smpp.port | Binding port for SMPP, listened on SMSC. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: 16000 | YES |
smpp.receiveTimeout | Timeout duration for trying to receive a message from the SMSC. This parameter is optional. | Alternative values: -1 (infinite wait until a PDU is received); 1, 2, 3, … (number of seconds) | YES |
smpp.serviceType | SMS Application service associated with the message. This parameter is optional and sent as Default, if not defined. | Alternative values: (NULL): Default; CMT: Cellular Messaging; CPT: Cellular Paging; VMN: Voice Mail Notification; VMA: Voice Mail Alerting; WAP: Wireless Application Protocol; USSD: Unstructured Supplementary Services Data | YES |
smpp.sourceAddress | The source address to be used when sending messages. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: PAM, +12348372939 | YES |
smpp.sourceNpi | Numeric Plan Indicator (NPI) to be used in the SME source address parameters. This parameter is mandatory for sending/receiving SMS over SMPP. It should be defined as Unknown (0), if an alphanumeric source address is to be used to send messages (Ex: SingleCon) | Alternative values: 0: Unknown; 1: ISDN (E163/E164); 3: Data (X.121); 4: Telex (F.69); 6: Land Mobile (E212); 8: National; 9: Private; 10: ERMES; 14: Internet (IP); 18: WAP Client ID | YES |
smpp.sourceTon | Type of Number (TON) to be used in the SME source address parameters. This parameter is mandatory for sending/receiving SMS over SMPP. It should be defined as Alphanumeric, if an alphanumeric source address is to be used to send messages (Ex: SingleCon) | Alternative values: 0: Unknown; 1: International; 2: National; 3: Network Specific; 4: Subscriber Number; 5: Alphanumeric; 6: Abbreviated | YES |
smpp.syncMode | Receiving mode. If set to sync, the application waits for a response after sending a request PDU. If set to async, the application doesn't wait for responses; rather, they are passed to an implementation of ServerPDUListener by the Receiver. The listener is also passed every request PDU received from the SMSC. This is an optional parameter and the default value is sync. | Alternative values: sync: Synchronous; async: Asynchronous | YES |
smpp.systemId | The system ID used to identify an ESME defined in SMSC. It is used for SMPP sender authentication. This parameter is mandatory for sending/receiving SMS over SMPP. | Ex: netright | YES |
smpp.systemType | The system type used to categorize the type of ESME binding to the SMSC. This parameter is optional for sending/receiving SMS over SMPP, and if not defined the system type is sent as null. | Alternative values: VMS: Voice Mail System; OTA: Over-the-air Activation system; (NULL): Default | YES |
sms.channel | Which channel is to be used to send SMS. Default value is http. | Alternative values: http: for using http-based SMS Proxy; smpp: for using SMPP towards SMPP | YES |
sso.geosites | This parameter defines the location of the server. | | NO |
sso.ip | This parameter defines the IP address of the SSH proxy. | 127.0.0.1 | NO |
sso.port | This parameter defines the port of the IP address of the SSH proxy. | 2222 | NO |
sql.proxy.bind.port.range | This parameter defines the port range for auto assigning sql.proxy.bind.port parameter | 6000-7000 | NO |
sql.proxy.oracle.local.bind.port.tenant_aioc | This parameter defines the port number of Oracle devices. All Oracle database connections are made through this port. For multitenant environments, the tenant’s name should be entered instead of aioc. | 5000 | NO |
syslog.message.rfcFormat | RFC_5424 and RFC_3164 formats are supported in SIEM configuration. This parameter determines the RFC format and must be set as one of these values. | RFC_5424,RFC_3164 | YES |
syslog.message.content.format | This parameter is used to determine content format. | KEY_VALUE, CEF, LEGACY_CEF | YES |
syslog.server.hostName | Kron PAM can send logs to SIEM systems. This parameter is used to set the SIEM Host IP address. | | YES |
syslog.server.port | This parameter is used to set the port of the SIEM host. The default value is "514". | 514 | YES |
tfa.otp.issuer | The name of the MFA server. This string is shown on top of the Offline Token value on the mobile app, when a QR code that is issued from the server is scanned on a mobile app. | String | NO |
user.forceManagerUserInGroup | If this parameter is saved as true, you must define a manager for a user group. Otherwise, user groups can be created without a manager. | true | NO |
user.lock.afterFailedLoginAttempts | Users are locked after a certain number of failed login attempts. This parameter defines the number of failed login attempts before locking the user account. | 20 | YES |
aioc.locking.ad.user.enabled | This parameter makes AD users lockable. AD users will be locked for failed login attempts and inactivity, the same as local users. | | |
user.lock.afterInactiveMillis | Kron PAM locks inactive users. This parameter defines the maximum inactive time before locking a user. The user password must be reset to unlock the user account. | 2629743000 | NO |
user.mail.from | This parameter defines the sender mail address for MFA. | change_it@change_it.com | YES |
user.registration.enabled | This parameter is to hide the new user button on the Login screen. Default value is false. | true,false | NO |
user.suspend.afterFailedLoginAttempts | Users are suspended after a certain number of failed login attempts. This parameter defines the number of failed login attempts before suspending the user. | 10 | YES |
user.suspend.forMillis | After a certain amount of failed login attempts, users are suspended for the time determined in this parameter. This value is in milliseconds. | 60 | NO |
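windows.auth.keytab.path | These parameters are used to configure the settings of the Kron PAM Application. | = /u01/netright-tomcat/conf/sc.keytab | NO |
windows.auth.spn | These parameters are used to configure the settings of the Kron PAM Application. | =HTTP/ Kron PAM ServerName | NO |
aioc.auth.windows | These parameters are used to configure the settings of the Kron PAM Application. | true | YES |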
rdp.idle.session.timeout.warning.before.min | This parameter is used to configure the warning pop-up display. | 5 | YES |
rdp.hide.top.menu.by.default | When this parameter is true, the bar in the RDP connections will be hidden by default. | true | NO |
aioc.portal.client.ip.header | This parameter defines the HTTP header that is checked to detect the client IP. The default value is null, so no header is checked and the TCP source IP is used. You can set it to "X-Forwarded-For". | X-Forwarded-For | YES |
session.record.encryption.enabled | This parameter allows RDP/VNC and SSH video recordings to be securely stored in an encrypted format in a database. The recordings remain encrypted until the user replays them, ensuring data protection and confidentiality. | true | NO |
sc.rdp.reason.mail.recipient | If the reasonRequiredForConnection parameter is set and if this parameter is available in systemconfig, the written reason will be mailed to the recipients. More than one email address can be used, with a comma separator. | NO | |
sql.proxy.2fa.enabled | This parameter is used for integrating the MFA module with SQL Proxy. | false | NO |
sql.proxy.2fa.delimeter | Separates the 6-digit authentication code from db.username. The user can choose any symbol. For example, if the delimiter is ‘#’, then USERNAME #321654 must be entered as db.username when using SQL Proxy. | | NO |
ssh.client.kex.algorithms | This parameter specifies the key exchange algorithms used by the SSH client. Key exchange algorithms determine how the client and server will agree on a shared secret key for the session. | ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 | |
ssh.client.host.key.algorithms | This parameter specifies the host key algorithms used by the SSH client to verify the server's identity. | [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss | |
ssh.client.encryption.algorithms | This parameter specifies the encryption algorithms used by the SSH client to encrypt the data transferred between the client and the server. | [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,arcfour256,arcfour128,3des-cbc,blowfish-cbc | |
ssh.client.mac.algorithms | This parameter specifies the message authentication code (MAC) algorithms used by the SSH client to ensure the integrity and authenticity of the data. | [email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 | |
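
The four ssh.client.* rows above list legacy algorithms alongside current ones. The audit below is an added example, not Kron PAM code: the legacy policy, the `audit` function and the shortened sample lists (built from legible entries of those rows) are assumptions of this example.

```python
import fnmatch

# Assumed policy for this example (not a vendor recommendation):
# parameter name -> [(glob pattern, reason)], first match wins.
LEGACY = {
    "ssh.client.kex.algorithms": [
        ("diffie-hellman-group1-sha1", "1024-bit group with SHA-1"),
        ("*-sha1", "SHA-1 based key exchange")],
    "ssh.client.host.key.algorithms": [
        ("ssh-dss", "DSA host key"),
        ("ssh-rsa", "RSA signature with SHA-1")],
    "ssh.client.encryption.algorithms": [
        ("arcfour*", "RC4 stream cipher"),
        ("3des-cbc", "64-bit block cipher"),
        ("blowfish-cbc", "64-bit block cipher"),
        ("*-cbc", "CBC mode")],
    "ssh.client.mac.algorithms": [
        ("hmac-md5*", "MD5 based MAC"),
        ("hmac-sha1*", "SHA-1 based MAC")],
}

def audit(param, value):
    """Split one comma-separated list into (findings, hardened value)."""
    findings, kept = [], []
    for name in filter(None, (n.strip() for n in value.split(","))):
        reason = next((why for pattern, why in LEGACY.get(param, [])
                       if fnmatch.fnmatchcase(name, pattern)), None)
        if reason:
            findings.append((name, reason))
        else:
            kept.append(name)
    if not kept:
        raise ValueError(f"{param}: no algorithm left after audit")
    return findings, ",".join(kept)

# Constructed sample: a subset of the legible entries of the four rows above.
SAMPLE = {
    "ssh.client.kex.algorithms":
        "ecdh-sha2-nistp256,diffie-hellman-group14-sha256,"
        "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1",
    "ssh.client.host.key.algorithms":
        "ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,ssh-rsa,ssh-dss",
    "ssh.client.encryption.algorithms":
        "aes128-ctr,aes256-ctr,aes256-cbc,arcfour128,3des-cbc",
    "ssh.client.mac.algorithms":
        "hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-96",
}

if __name__ == "__main__":
    for param, value in SAMPLE.items():
        findings, hardened = audit(param, value)
        for name, reason in findings:
            print(f"{param}: {name} ({reason})")
        print(f"{param} = {hardened}")
```

Removing an entry stops the SSH client from negotiating it, so managed devices that only offer the removed algorithms will no longer connect. Compare the findings against the device inventory before changing the parameter values.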