Operating System - OpenVMS
1748211 Members
4626 Online
108759 Solutions
New Discussion юеВ

Re: Disconnect user session automatically

 
SOLVED
Go to solution
EWONG
Advisor

Disconnect user session automatically

Since many users may not logout their seesion after work, so any way/tool to disconnect the user logon session automatically ?

Thanks a lot.
17 REPLIES 17
Hein van den Heuvel
Honored Contributor

Re: Disconnect user session automatically

There are several 'solutions' in this space, in freeware as well as commercial.
Hitman is possibly the best known of those.

There is even a OpenVMS FAQ entry for it:

http://vmsone.com/~ovmsfreeware/ovmsfwv6/disk2/vmsfaq/vmsfaq_007.html

Google for: +openvms +freeware +"idle process"

I personally don't like any of them, as I believe they cause excessive overhead, end user annoyance and only a false sense of safety.

Specifically, if I have a telnet/puTTY session on a 'locked' PC, then there is no way VMS based sofware can see whether this is safe or not. So they kill it, and then I have to transmit my password over the line again, create a new process, re-execute my environment setup, loose my recall buffers.
Thanks for nothing!

Still, I suppose you gotta do what you gotta do!

Cheers,
Hein.
Allan Bowman
Respected Contributor

Re: Disconnect user session automatically

Welcome to the forums!

How are the users connecting? Are they using Telnet, or DECserver connections?
Depending on the connection type, there are a number of ways to force them off.
Also, do you want to check if they are actually doing anything, or just dump them at a certain time?

Allan in Atlanta
EWONG
Advisor

Re: Disconnect user session automatically

Hein and Allan, thanks for the prompt response.

Actually, we use the emulation software Reflection-X (thru REXEC) and Excursion (thru TELNET) to connect to Alpha system. If there has any checking before we kill the session, that would be definitely a benefit.

Thanks in advance.

Edmond
John Abbott_2
Esteemed Contributor
Solution

Re: Disconnect user session automatically

As an example, here's a routine we use, but then we have an SLA to support it. Use at your own risk, etc.

PS.I've slightly modified it to take out some site specific stuff. It's a bit more friendly than a just kill everyone routine. Doesn't do any checking to see if the user/pid is actually doing anything.

John.


Don't do what Donny Dont does
Karl Rohwedder
Honored Contributor

Re: Disconnect user session automatically

Edmond,

here we use the WATCHER package from H.Goatley.
It is very flexible. You find it here:

http://www.madgoat.com/watcher.html


regards Kalle
Ian Miller.
Honored Contributor

Re: Disconnect user session automatically

I use WATCHER which is highly configurable. It has saved money as you don't need to buy a higher number of user licences.

It does depend on your environment.
____________________
Purely Personal Opinion
John Gillings
Honored Contributor

Re: Disconnect user session automatically

"Idle process killers" (IPKs) are bad!

They give a false sense of security and if not very carefully written, in extreme cases can cause some very nasty things to happen (for example, if you're running an IPK, never let your process count exceed BALSETCNT). They also encourage users to come up with mechanisms that defeat the IPK. Very easy to do, and generally wasteful of resources.

Rather than kill the process suspected of being idle, a better option would be to enable virtual terminals and disconnect the TELNET connection. That way the user can log back in to the session without losing any work. I'm not sure if any of the off-the-shelf solutions are capable of doing this.

That's all if you're attempting to figure out if a particular process idle from "outside" (even in theory, practically impossible). On the other hand, if you're writing an application with some kind of command loop, it's very easy to impose a timeout on command input and exit/logoff cleanly.
A crucible of informative mistakes
Thomas Ritter
Respected Contributor

Re: Disconnect user session automatically

John, IPK maybe bad, but on all or our production hosts its mandatory. Even at the business end it is supported. For example, one group of users has an idle limit set at 15 minutes. We know our applications really well can precisely determine their "idleness". We use KBLOCK with a modified routine that starts with a $FORCEX followed by $DELPRC. Further the application has an exit handler which responds to $forcex. Works most of the time. The success of IPK deployment depends a lot the application and OS interaction. In the early delays some application components held "lock" during "operator wait time" and at termination started a change of RDB rollbacks. :( Those troublesome application components have since been addressed. When you introduce an IPK make sure you understand what can happend if any type of application or recovery work may follow the termiantion request.

I am not endorsing KBLOCK.
John Gillings
Honored Contributor

Re: Disconnect user session automatically

Thomas,

>We use KBLOCK with a modified routine
>that starts with a $FORCEX followed by
>$DELPRC. Further the application has an
>exit handler which responds to $forcex.
>Works most of the time.

If the application has an exit handler especially written to handle an IPK, why not just implement the idle timeout in the application itself and avoid all the potential problems? Much easier to issue a command READ with a timeout and take the timeout condition to be equivalent to an EXIT command. Very simple, very effective and much safer than shooting processes.
A crucible of informative mistakes