|
HP OpenVMS Systemsask the wizard |
|
The Question is: Hi I have checked around your site for an answer to this but no joy. I am trying to setup a support account for external company to use when we require there help. I want this account to expire after an hour which I have done fine, if you log out and try to log in after an hour it says the account is disabled. The problem comes when they don't log out they can stay connected for as long as they want till they either log out or we kick them of. Is it possible to set an account so that after an hour they can't @ or submit jobs to batch queues, basically running anything but they can if they want still look around at files etc? Take away there rights or something? I have herd this is possible. Thanks in advance. The Answer is :
You could need to customize one of the various available process
monitoring tools; one of the class of applications that is known
variously as an idle-process killer (IPKs), an idle terminal
timeout program, and similar. Please see the FAQ for pointers.
You can also enable authorized hours for each username, meaning
that you could enable the password and could update the authorized
hours to reflect a window where the user could remain logged in.
As the granularity for this mechanism is one hour intervals, you
would then enable access for the user for up to two hours. For
details, please see the AUTHORIZE qualifier /ACCESS.
The AUTHORIZE command to set up a single-use login is:
mod user/pass=xyz -
/pwdexp -
/flag=(lockpwd,disforce_pwd_change) -
/pwdlife="90-"
[/access=...]
The username must have a non-zero password lifetime setting,
though the specific setting matters not.
Simple hardware options are also available, such as a standard
mechanical timer for electrical devices -- these timers are
readily available in any hardware store, and are intended to
control household lighting and other low-powered devices. Set
and connect one of these devices to the dial-in modem. Other
similar modem-based or firewall-based approaches to controlling
remote access are also undoubtedly available.
|