HP OpenVMS Systemsask the wizard |
The Question is: Hi I have checked around your site for an answer to this but no joy. I am trying to setup a support account for external company to use when we require there help. I want this account to expire after an hour which I have done fine, if you log out and try to log in after an hour it says the account is disabled. The problem comes when they don't log out they can stay connected for as long as they want till they either log out or we kick them of. Is it possible to set an account so that after an hour they can't @ or submit jobs to batch queues, basically running anything but they can if they want still look around at files etc? Take away there rights or something? I have herd this is possible. Thanks in advance. The Answer is : You could need to customize one of the various available process monitoring tools; one of the class of applications that is known variously as an idle-process killer (IPKs), an idle terminal timeout program, and similar. Please see the FAQ for pointers. You can also enable authorized hours for each username, meaning that you could enable the password and could update the authorized hours to reflect a window where the user could remain logged in. As the granularity for this mechanism is one hour intervals, you would then enable access for the user for up to two hours. For details, please see the AUTHORIZE qualifier /ACCESS. The AUTHORIZE command to set up a single-use login is: mod user/pass=xyz - /pwdexp - /flag=(lockpwd,disforce_pwd_change) - /pwdlife="90-" [/access=...] The username must have a non-zero password lifetime setting, though the specific setting matters not. Simple hardware options are also available, such as a standard mechanical timer for electrical devices -- these timers are readily available in any hardware store, and are intended to control household lighting and other low-powered devices. Set and connect one of these devices to the dial-in modem. Other similar modem-based or firewall-based approaches to controlling remote access are also undoubtedly available.
|