• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 694
  • Last Modified:

How to limit logon tme for a user

Hi All,
On solaris, if the logon user in not using his termainal or idle for sometime, How to kick him off from the system "security wise"?
Thanks
0
husamzm
Asked:
husamzm
  • 6
  • 3
  • 2
  • +3
1 Solution
 
tfewsterCommented:
Install idled - http://www.darkwing.com/idled/  - It's the best, most flexible method and handles all shells & connection methods
0
 
ahoffmannCommented:
some shells also support a autologout variable
Solaris also has a TCP/IP-idle-timout, default is 2 hours
0
 
husamzmAuthor Commented:
Thanks for the 3rd party hat can do that, but the system is critical that I can't install 3rd party S/W or I will lose the support. There is no built in tool in the Solaris O/S can do that?

Husam
0
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

 
TintinCommented:
ahoffman.

Which specific TCP parameter are you referrring to?  I'm not aware of any.
0
 
ahoffmannCommented:
ndd /dev/tcp tcp_keepalive_interval
0
 
husamzmAuthor Commented:
tcp_keepalive_interval default value is 720000
this means 2 hours ? How ? and if we modify the value to less time, it will affect all system logins, but How to assign it to specific system logins, any idea?
thanks

Husam
0
 
TintinCommented:
TCP keepalives won't logout a user.  It is an extension to the original TCP specification to send keepalives at regular intervals to keep TCP connections open.  Typically this is done from the client or application side, but given the proliferation of firewalls and general network devices that can silently drop connections idle for a certain period, the TCP keepalives are useful in these circumstances.

husamzm.

The closest you're going to get without installing additional software is the ability for ksh/bash users to automatically logout after the defined number of seconds in the TMOUT environment variable.
0
 
ahoffmannCommented:
tcp_keepalive_interval is a kernel parameter, and so cannot be aplied to specific users and/or processes

>  TCP keepalives won't logout a user.
hmm, true, it won't logout.
But the connection is gone away. Is there a difference for the user if logged out, or no more connection ;-)
0
 
TintinCommented:
ahoffmann,

Maybe I'm misunderstanding what you're saying, but I'm interpreting that you are saying that setting the tcp_keepalive_interval will drop a connection?

If so, then that is incorrect.
0
 
ahoffmannCommented:
Tintin, please see http:Q_20978298.html
0
 
OtetelisanuCommented:
In  the ksh shell
is the

TMOUT=0

     TMOUT     If set to a value greater  than  zero,  the  shell
               will  terminate if a command is not entered within
               the prescribed number of seconds after issuing the
               PS1  prompt.  (Note that the shell can be compiled
               with a maximum bound for this value  which  cannot
               be exceeded.)

look

man ksh


0
 
OtetelisanuCommented:
File
/etc/default/login

# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
# abandoning a login session.
#
#TIMEOUT=300

If you make
TIMEOUT= 900
you have 900:60=15 minutes for timeout

for
#TIMEOUT=300
timeout is OFF
0
 
ahoffmannCommented:
keep in mind that not all shells support read-only variables, so there is nothing to restrict me doing

   unset TIMEOUT
   unset TMOUT
   unset autologout

;-)
0
 
ahoffmannCommented:
valuable suggestions given, IMHO, no refund
0
 
moduloCommented:
PAQed - no points refunded (of 50)

modulo
Community Support Moderator
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now