The mfa-server-cli utility is used to configure the MFA server.
mfa-server-cli command [options]
mfa-server-cli --help
mfa-server-cli service-config
mfa-server-cli mfa-server [--port=<MFA server port> | --clientCertCAPath=<CA certificate path> | --enforceClientAuth=<true/false> | --mfaValidity=<Validity of MFA in minutes>]
mfa-server-cli auth-server [--authSrvHost=<AA server address> --endPointID=<id> --endPointSecret=<secret>]
mfa-server-cli policy-config [--event=<AA event name> | --eDirRepo=<eDirectory repository in AA server>]
mfa-server-cli mfa-manage [--printAllMfaSessions=yes | --deleteAllMfaSessions=yes]
mfa-server-cli logging [--logLevel=<error/warn/info/debug> | --logFilePath=<path> | --logTimeStampFormat=<format>]
mfa-server-cli service-cleanup
mfa-server-cli service-reconfig
mfa-server-cli print-config
service-config: Service configuration requires eDirectory tree administrator credentials. Confirm the host name to be used for the MFA server; it should match the DNS name in the Apache server's default virtual host SSL certificate. Successful service configuration initializes the database and brings up the MFA server.
--port: The MFA server can use any port in the range 1024 to 65535. By default, the MFA server uses port 3456. If the specified port number is not available, the MFA server uses the next available port.
--clientCertCAPath: Path of the CA certificate file used by the MFA server to validate the client certificate of the MFA agent. By default, this path is configured to use the eDirectory CA certificate.
--enforceClientAuth: If set to true, the validation of the client certificate presented by the MFA agent is enforced. By default, this value is true.
--mfaValidity: The period during which multifactor authentication (MFA) is valid for users. If the validity expires, the user is required to complete the second factor of authentication during their next login.
--authSrvHost: IP address or host name of the AA server.
--endPointID: ID of the endpoint created in the AA server.
--endPointSecret: Secret of the AA endpoint.
--event: Name of the event created in the AA server.
--eDirRepo: Name of the eDirectory repository in the AA server, which is used for multifactor authentication of the eDirectory users. If the repository name is not configured, the AA server searches for the user in every available repository. For Active Directory (AD) users, the repository name is automatically detected by CIFS, and no additional configuration is required.
--printAllMfaSessions: Lists all valid MFA sessions. Expired sessions are not listed.
--deleteAllMfaSessions: Deletes all the MFA sessions.
--logLevel: Configures the log level. The default log level is info.
--logFilePath: Log file path of the MFA server. By default, the log file path is /var/opt/novell/log/oes/mfaserver/mfaserver-<date>.log.
--logTimeStampFormat: Log message time stamp format. By default, the time format is YYYY-MM-DD HH:mm:ss.
service-cleanup: Reverts the service configuration and stops the MFA server.
service-reconfig: Reconfigures the MFA server after a service cleanup. eDirectory administrator credentials are not required while reconfiguring an MFA server. Confirm the host name for the MFA server.
print-config: Prints the configuration parameters of the MFA server.
Prints the MFA server configuration.
Initializes the database and brings up the MFA server.
Adds the AA server details for the MFA server.
Adds the AA configuration details for the MFA server.
Reverts the service configuration and stops the MFA server.
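Added example, not part of the product documentation: a POSIX shell pre-flight check that validates values for the mfa-server and logging options described above before anything is applied, then prints one mfa-server-cli invocation per option. The function names and the rule that rejects --enforceClientAuth=false are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code). Option names, the 1024-65535 port range and
# the allowed true/false and log-level values come from the reference above.
# Function names and the enforceClientAuth policy are assumptions.

# is_uint VALUE MAXDIGITS: true for a non-empty, all-digit string of bounded length.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le "$2" ]
}

# mfa_preflight OPTION...: validate every option; on success print one
# mfa-server-cli command per option (the synopsis lists them as alternatives).
# Returns 1 and prints nothing on stdout if any value is rejected.
mfa_preflight() {
    rc=0 cmds=''
    for arg in "$@"; do
        val=${arg#*=} sub=mfa-server
        case "$arg" in
            --port=*)
                if ! is_uint "$val" 5 || [ "$val" -lt 1024 ] || [ "$val" -gt 65535 ]; then
                    echo "port must be 1024-65535: $val" >&2; rc=1
                fi ;;
            --clientCertCAPath=*)
                # The server validates agent certificates against this file.
                [ -r "$val" ] || { echo "CA file not readable: $val" >&2; rc=1; } ;;
            --enforceClientAuth=*)
                # Policy assumption: never switch off client certificate validation.
                [ "$val" = true ] || { echo "enforceClientAuth must stay true" >&2; rc=1; } ;;
            --mfaValidity=*)
                if ! is_uint "$val" 6 || [ "$val" -eq 0 ]; then
                    echo "mfaValidity must be a positive number of minutes: $val" >&2; rc=1
                fi ;;
            --logLevel=*)
                sub=logging
                case "$val" in
                    error|warn|info|debug) ;;
                    *) echo "logLevel must be error/warn/info/debug: $val" >&2; rc=1 ;;
                esac ;;
            *)  echo "unsupported option: $arg" >&2; rc=1 ;;
        esac
        cmds="${cmds}mfa-server-cli ${sub} ${arg}
"
    done
    if [ "$rc" -eq 0 ]; then printf '%s' "$cmds"; fi
    return "$rc"
}
```

Because the server silently moves to the next available port when the requested one is taken, compare the output of mfa-server-cli print-config with the validated values after applying them.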