[global]
; url - Location to fas server
url = https://admin.fedoraproject.org/accounts/

; temp - Location to generate files while user creation process is happening
temp = /var/db

; login - username to contact fas
login = kevinfasclient

; password - password for login name
password = {{ fasClientpass }}

; prefix - Install db files, etc, to a prefix (like a chroot for example)
prefix = /

; modefile - Location of a file containing saved home directory modes
modefile = /var/lib/fas/client_dir_perms

; cla_group - Group for CLA requirements
cla_group = cla_done

[host]
; Group hierarchy is 1) groups, 2) restricted_groups 3) ssh_restricted_groups
; so if someone is in all 3, the client behaves the same as if they were just
; in 'groups'

; groups that should have a shell account on this system.
groups = packager,irc-support-operators

; groups that should have a restricted account on this system.
; restricted accounts use the restricted_shell value in [users]
restricted_groups = 

; ssh_restricted_groups: groups that should be restricted by ssh key.  You will
; need to disable password based logins in order for this value to have any
; security meaning.  Group types can be placed here as well, for example
; @hg,@git,@svn
ssh_restricted_groups =

; aliases_template: Gets prepended to the aliases file when it is generated by
; fasClient
aliases_template = /tmp/template.txt

[users]
; default shell given to people in [host] groups
shell = /bin/bash

; home - the location for fas user home dirs
home = /home/fedora

; home_backup_dir - Location home dirs should get moved to when a user is 
; deleted this location should be tmpwatched
home_backup_dir = /tmp/fedora

; ssh_restricted_app - This is the path to the restricted shell script.  It
; will not work automatically for most people though through alterations it
; is a powerfull way to restrict access to a machine.  An alternative example
; could be given to people who should only have cvs access on the machine. 
; setting this value to "/usr/bin/cvs server" would do this.
ssh_restricted_app = "/usr/bin/cvs server"

; restricted_shell - The shell given to users in the ssh_restricted_groups
restricted_shell = /sbin/nologin

; ssh_restricted_shell - The shell given to users in the ssh_restricted_groups
ssh_restricted_shell = /bin/bash

; ssh_key_options - Options to be appended to people ssh keys.  Users in the 
; ssh_restricted_groups will have the keys they uploaded altered when they are
; installed on this machine, appended with the options below.
ssh_key_options = no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty