Solved

How to limit logon tme for a user

Posted on 2004-05-01
16
652 Views
Last Modified: 2013-12-27
Hi All,
On solaris, if the logon user in not using his termainal or idle for sometime, How to kick him off from the system "security wise"?
Thanks
0
Comment
Question by:husamzm
  • 6
  • 3
  • 2
  • +3
16 Comments
 
LVL 20

Expert Comment

by:tfewster
ID: 10966485
Install idled - http://www.darkwing.com/idled/  - It's the best, most flexible method and handles all shells & connection methods
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10966634
some shells also support a autologout variable
Solaris also has a TCP/IP-idle-timout, default is 2 hours
0
 

Author Comment

by:husamzm
ID: 10970094
Thanks for the 3rd party hat can do that, but the system is critical that I can't install 3rd party S/W or I will lose the support. There is no built in tool in the Solaris O/S can do that?

Husam
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10973858
ahoffman.

Which specific TCP parameter are you referrring to?  I'm not aware of any.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10977633
ndd /dev/tcp tcp_keepalive_interval
0
 

Author Comment

by:husamzm
ID: 10983239
tcp_keepalive_interval default value is 720000
this means 2 hours ? How ? and if we modify the value to less time, it will affect all system logins, but How to assign it to specific system logins, any idea?
thanks

Husam
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10983259
TCP keepalives won't logout a user.  It is an extension to the original TCP specification to send keepalives at regular intervals to keep TCP connections open.  Typically this is done from the client or application side, but given the proliferation of firewalls and general network devices that can silently drop connections idle for a certain period, the TCP keepalives are useful in these circumstances.

husamzm.

The closest you're going to get without installing additional software is the ability for ksh/bash users to automatically logout after the defined number of seconds in the TMOUT environment variable.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 10984498
tcp_keepalive_interval is a kernel parameter, and so cannot be aplied to specific users and/or processes

>  TCP keepalives won't logout a user.
hmm, true, it won't logout.
But the connection is gone away. Is there a difference for the user if logged out, or no more connection ;-)
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10992626
ahoffmann,

Maybe I'm misunderstanding what you're saying, but I'm interpreting that you are saying that setting the tcp_keepalive_interval will drop a connection?

If so, then that is incorrect.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10993245
Tintin, please see http:Q_20978298.html
0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11047005
In  the ksh shell
is the

TMOUT=0

     TMOUT     If set to a value greater  than  zero,  the  shell
               will  terminate if a command is not entered within
               the prescribed number of seconds after issuing the
               PS1  prompt.  (Note that the shell can be compiled
               with a maximum bound for this value  which  cannot
               be exceeded.)

look

man ksh


0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11221961
File
/etc/default/login

# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
# abandoning a login session.
#
#TIMEOUT=300

If you make
TIMEOUT= 900
you have 900:60=15 minutes for timeout

for
#TIMEOUT=300
timeout is OFF
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11223852
keep in mind that not all shells support read-only variables, so there is nothing to restrict me doing

   unset TIMEOUT
   unset TMOUT
   unset autologout

;-)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11354083
valuable suggestions given, IMHO, no refund
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11387692
PAQed - no points refunded (of 50)

modulo
Community Support Moderator
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now