Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to limit logon tme for a user

Posted on 2004-05-01
16
667 Views
Last Modified: 2013-12-27
Hi All,
On solaris, if the logon user in not using his termainal or idle for sometime, How to kick him off from the system "security wise"?
Thanks
0
Comment
Question by:husamzm
  • 6
  • 3
  • 2
  • +3
16 Comments
 
LVL 20

Expert Comment

by:tfewster
ID: 10966485
Install idled - http://www.darkwing.com/idled/  - It's the best, most flexible method and handles all shells & connection methods
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10966634
some shells also support a autologout variable
Solaris also has a TCP/IP-idle-timout, default is 2 hours
0
 

Author Comment

by:husamzm
ID: 10970094
Thanks for the 3rd party hat can do that, but the system is critical that I can't install 3rd party S/W or I will lose the support. There is no built in tool in the Solaris O/S can do that?

Husam
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 48

Expert Comment

by:Tintin
ID: 10973858
ahoffman.

Which specific TCP parameter are you referrring to?  I'm not aware of any.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10977633
ndd /dev/tcp tcp_keepalive_interval
0
 

Author Comment

by:husamzm
ID: 10983239
tcp_keepalive_interval default value is 720000
this means 2 hours ? How ? and if we modify the value to less time, it will affect all system logins, but How to assign it to specific system logins, any idea?
thanks

Husam
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10983259
TCP keepalives won't logout a user.  It is an extension to the original TCP specification to send keepalives at regular intervals to keep TCP connections open.  Typically this is done from the client or application side, but given the proliferation of firewalls and general network devices that can silently drop connections idle for a certain period, the TCP keepalives are useful in these circumstances.

husamzm.

The closest you're going to get without installing additional software is the ability for ksh/bash users to automatically logout after the defined number of seconds in the TMOUT environment variable.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10984498
tcp_keepalive_interval is a kernel parameter, and so cannot be aplied to specific users and/or processes

>  TCP keepalives won't logout a user.
hmm, true, it won't logout.
But the connection is gone away. Is there a difference for the user if logged out, or no more connection ;-)
0
 
LVL 48

Expert Comment

by:Tintin
ID: 10992626
ahoffmann,

Maybe I'm misunderstanding what you're saying, but I'm interpreting that you are saying that setting the tcp_keepalive_interval will drop a connection?

If so, then that is incorrect.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 10993245
Tintin, please see http:Q_20978298.html
0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11047005
In  the ksh shell
is the

TMOUT=0

     TMOUT     If set to a value greater  than  zero,  the  shell
               will  terminate if a command is not entered within
               the prescribed number of seconds after issuing the
               PS1  prompt.  (Note that the shell can be compiled
               with a maximum bound for this value  which  cannot
               be exceeded.)

look

man ksh


0
 
LVL 4

Expert Comment

by:Otetelisanu
ID: 11221961
File
/etc/default/login

# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
# abandoning a login session.
#
#TIMEOUT=300

If you make
TIMEOUT= 900
you have 900:60=15 minutes for timeout

for
#TIMEOUT=300
timeout is OFF
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11223852
keep in mind that not all shells support read-only variables, so there is nothing to restrict me doing

   unset TIMEOUT
   unset TMOUT
   unset autologout

;-)
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11354083
valuable suggestions given, IMHO, no refund
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11387692
PAQed - no points refunded (of 50)

modulo
Community Support Moderator
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question