- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- VMS Login prompt disconnects after 20 seconds?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2007 02:44 AM
тАО06-10-2007 02:44 AM
VMS Login prompt disconnects after 20 seconds?
What security benefit does OpenVMS systems have when the login prompt dissapears after idle after 20 seconds??
IS this because to avoid sessions that tend to be hogging most CPU time?? Or, is this an advanced security feature?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2007 05:40 AM
тАО06-10-2007 05:40 AM
Re: VMS Login prompt disconnects after 20 seconds?
It is not a question of CPU time. LOGINOUT is hardly a CPU intensive process.
The "benefit" of terminating an otherwise idle "Login:" prompt is the LOGINOUT process that is running on that terminal and the network connection if it is a network login of some sort.
I have not timed the default recently, so I will admit that I do not remember offhand what the default value is.
Before we go further, perhaps you could be so kind as to identify the OpenVMS version?
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2007 06:38 AM
тАО06-10-2007 06:38 AM
Re: VMS Login prompt disconnects after 20 seconds?
None.
It's 99% there to annoy folks.
It's 1% there to avoid wasting memory resources.
That 1% surely is the original reason of this 'feature'. Actually, the feature is fine, the 20 seconds annoys me immensly as you can tell. It's too short! Make it 10 minutes and I'm cool with it.
>> IS this because to avoid sessions that tend to be hogging most CPU time??
What CPU time? It is just sitting there for a terminal/network QIO to complete. ZERO cpu.
The cost of the wait is a process slot, and a QIO, and maybe (in days gone by) a line from a modem pool.
Way back when, folks tuned systems with limited memory to have just enough process slots. I have not seen a system with restricted process slots in the last 20 years.
The price for this timeout to fire pre-maturely is 100 times larger than for it not happening (IMHO!). I don't connect to a system 'accidently' and if I do I'll control-Z out. So if the timeout fires on me, then dollars to donuts I will re-start the login, costing a wind-down + accounting record for the old process, a new prcoess create, and a slightly ticked-off customer.
>> Or, is this an advanced security feature?
No, just a poorly chosen, or dated, default.
Thanks!
Hein.
[0 points for this reply please.
Oh, you don't do points anyway do you?]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2007 06:40 AM
тАО06-10-2007 06:40 AM
Re: VMS Login prompt disconnects after 20 seconds?
So what type of security benefit does this have as its really kind of annoying??
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2007 07:09 AM
тАО06-10-2007 07:09 AM
Re: VMS Login prompt disconnects after 20 seconds?
I admittedly do not have time to check, but on one of my systems the default value is 30 seconds. If I am correct, the parameter is LGI_PWD_TMO and is documented, among other places, in the HELP text for SYSGEN.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2007 07:48 AM
тАО06-10-2007 07:48 AM
Re: VMS Login prompt disconnects after 20 seconds?
That this isn't a question of security, prompts, or system performance, or such.
As for your wish to avoid the prompt timeout, consider the use of ssh and certificates, or enable and use single sign-on, or enable and use the ALF (automatic login facility), and avoid the password prompt. And the timeout.
Or consider disabling passwords entirely, either on your username, or on all usernames.
Any of which will avoid the login-related timeout.
These suggestions can or do introduce various degrees of insecurity. But they do avoid the timeout.
- Tags:
- ssh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2007 09:47 PM
тАО06-10-2007 09:47 PM
Re: VMS Login prompt disconnects after 20 seconds?
this timeout value seems to be controlled by the LGI_RETRY_TMO system parameter.
Just increase LGI_RETRY_TMO (it's a dynamic parameter) and your Username: prompt will stay around much longer (tested on V7.3-1).
If the timeout would have been infinite, you could be wasting some resources (network connections, process slots, some memory and pool). So you could effectively consume lots of resources without even having logged in to the system. The implementation of the timeout value prevents this.
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-11-2007 08:47 AM
тАО06-11-2007 08:47 AM
Re: VMS Login prompt disconnects after 20 seconds?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-11-2007 01:03 PM
тАО06-11-2007 01:03 PM
Re: VMS Login prompt disconnects after 20 seconds?
Don't be so sure! Some history for your amusement...
Back around 1990 I had a call from a customer complaining that he'd found a LOGINFAILURE in accounting that had consumed 2 days of CPU time. He couldn't understand why.
Later he called back to say he'd worked out that an operator had knocked over a TK50 cartridge onto the ENTER key of a terminal. This had resulted in the "Username:" prompt rolling over for the whole weekend.
We experimented with the most powerful system we had at the time, an 8200, and discovered that with only FOUR terminals and TK50 cartridges ;-), we could bring the system to it's knees, saturating the CPU with Username prompting. This was escalated as a potential denial of service attack.
Possibly as a result (or maybe it was already on the drawing board), the LGI parameters give more control over how logins and failures are handled. You no longer get a continuous stream of prompts. The process fails after LGI_RETRY_LIM attempts, which is enough to prevent CPU saturation, and certainly prevents LOGINFAILURE processes with prodigious CPU consumption.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-11-2007 01:44 PM
тАО06-11-2007 01:44 PM
Re: VMS Login prompt disconnects after 20 seconds?
Mea Culpa! Indeed, lOGINOUT (and its equivalent functions on other systems) can indeed bring the system to its knees if confronted with a stream of never ending input.
While I did not do this with a TK50 cartridge, it was easily accomplished using the loopback switch on modems in a modem bank, and the first broadcast to all terminals could bring the system down.
- Bob Gezelter, http://www.rlgsc.com