HP t520 Administrator Guide 1 - Page 167
shutdown, sshd
View all HP t520 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 167 highlights
Registry key root/security/domainEntryMode root/security/enableLockOverride root/security/enableSecretPeek root/security/encryption/identity/ encryptedSecretCipher root/security/encryption/identity/ encryptedSecretTTL root/security/encryption/identity/ secretHashAlgorithm root/security/encryption/identity/ secretHashTTL root/security/mustLogin Description If set to 1, the domain is expected to be entered in a separate text field labeled Domain. if set to 0, the domain is expected to be entered as part of the User field. If set to 1, administrators can override the screen lock of a local desktop. If set to 1, password and PIN dialogs will have a button that, while selected, will show the entered password/PIN in clear text. Sets the algorithm for symmetric encryption of a secret. All algorithms use an appropriate amount of random salt, which is regenerated each time the secret is stored. The encryption key is different on each thin client, and encryption and decryption are available only to authorized programs. The supported cipher list includes most OpenSSL ciphers and ChaCha20-Poly1305. Sets the number of seconds since the last successful login that a stored encrypted secret will be considered valid. If set to a negative number, encrypted secrets will not time out. Sets the algorithm for creating a hash of a secret. Key Derivation Functions (KDFs) such as scrypt or argon2 are better than straightforward hashes because it is not quick to compute a rainbow dictionary using a KDF. All algorithms use an appropriate amount of random salt, which is regenerated each time the secret is hashed. The supported list includes scrypt, Argon2, SHA-256, and SHA-512 (though the latter two are not KDFs). Sets the number of seconds since the last successful login that a stored hashes of secrets will be considered valid. If set to a negative number, hashes of secrets will not time out. If set to 1, all users are forced to log in before accessing the desktop. shutdown Registry key root/shutdown/enableAutomaticShutdownTimeout root/shutdown/timeOfAutomaticShutdownTimeout Description If set to 1, a progress bar is shown in the shutdown/restart/logout confirmation dialog box. If the question is not answered in time, automatically shutdown/restart/logout. Sets the wait time for automatic shutdown timeout. sshd Registry key root/sshd/disableWeakCipher root/sshd/disableWeakHmac root/sshd/disableWeakKex Description If set to 1, disable the CBC mode cipher and other known weak ciphers, such as 3DES, arcfour, etc. If set to 1, disable 96 bit hmac and any sha1-based and md5- based hmac. If set to 1, disable key exchange algorithms that have DH with SHA1. shutdown 155