Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 694
  • Last Modified:

How to limit logon tme for a user

Hi All,
On solaris, if the logon user in not using his termainal or idle for sometime, How to kick him off from the system "security wise"?
Thanks
0
husamzm
Asked:
husamzm
  • 6
  • 3
  • 2
  • +3
1 Solution
 
tfewsterCommented:
Install idled - http://www.darkwing.com/idled/  - It's the best, most flexible method and handles all shells & connection methods
0
 
ahoffmannCommented:
some shells also support a autologout variable
Solaris also has a TCP/IP-idle-timout, default is 2 hours
0
 
husamzmAuthor Commented:
Thanks for the 3rd party hat can do that, but the system is critical that I can't install 3rd party S/W or I will lose the support. There is no built in tool in the Solaris O/S can do that?

Husam
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
TintinCommented:
ahoffman.

Which specific TCP parameter are you referrring to?  I'm not aware of any.
0
 
ahoffmannCommented:
ndd /dev/tcp tcp_keepalive_interval
0
 
husamzmAuthor Commented:
tcp_keepalive_interval default value is 720000
this means 2 hours ? How ? and if we modify the value to less time, it will affect all system logins, but How to assign it to specific system logins, any idea?
thanks

Husam
0
 
TintinCommented:
TCP keepalives won't logout a user.  It is an extension to the original TCP specification to send keepalives at regular intervals to keep TCP connections open.  Typically this is done from the client or application side, but given the proliferation of firewalls and general network devices that can silently drop connections idle for a certain period, the TCP keepalives are useful in these circumstances.

husamzm.

The closest you're going to get without installing additional software is the ability for ksh/bash users to automatically logout after the defined number of seconds in the TMOUT environment variable.
0
 
ahoffmannCommented:
tcp_keepalive_interval is a kernel parameter, and so cannot be aplied to specific users and/or processes

>  TCP keepalives won't logout a user.
hmm, true, it won't logout.
But the connection is gone away. Is there a difference for the user if logged out, or no more connection ;-)
0
 
TintinCommented:
ahoffmann,

Maybe I'm misunderstanding what you're saying, but I'm interpreting that you are saying that setting the tcp_keepalive_interval will drop a connection?

If so, then that is incorrect.
0
 
ahoffmannCommented:
Tintin, please see http:Q_20978298.html
0
 
OtetelisanuCommented:
In  the ksh shell
is the

TMOUT=0

     TMOUT     If set to a value greater  than  zero,  the  shell
               will  terminate if a command is not entered within
               the prescribed number of seconds after issuing the
               PS1  prompt.  (Note that the shell can be compiled
               with a maximum bound for this value  which  cannot
               be exceeded.)

look

man ksh


0
 
OtetelisanuCommented:
File
/etc/default/login

# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
# abandoning a login session.
#
#TIMEOUT=300

If you make
TIMEOUT= 900
you have 900:60=15 minutes for timeout

for
#TIMEOUT=300
timeout is OFF
0
 
ahoffmannCommented:
keep in mind that not all shells support read-only variables, so there is nothing to restrict me doing

   unset TIMEOUT
   unset TMOUT
   unset autologout

;-)
0
 
ahoffmannCommented:
valuable suggestions given, IMHO, no refund
0
 
moduloCommented:
PAQed - no points refunded (of 50)

modulo
Community Support Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now