HP OpenVMS Systems

ask the wizard
Content starts here

One-shot user login?

» close window

The Question is:

Hi I have checked around your site for an answer to this but no joy. I am
 trying to setup a support account for external company to use when we require
 there help. I want this account to expire after an hour which I have done
 fine, if you log out and try
to log in after an hour it says the account is disabled. The problem comes when
 they don't log out they can stay connected for as long as they want till they
 either log out or we kick them of.
Is it possible to set an account so that after an hour they can't @ or submit
 jobs to batch queues, basically running anything but they can if they want
 still look around at files etc? Take away there rights or something? I have
 herd this is possible.
Thanks in advance.

The Answer is :

  You could need to customize one of the various available process
  monitoring tools; one of the class of applications that is known
  variously as an idle-process killer (IPKs), an idle terminal
  timeout program, and similar.  Please see the FAQ for pointers.
  You can also enable authorized hours for each username, meaning
  that you could enable the password and could update the authorized
  hours to reflect a window where the user could remain logged in.
  As the granularity for this mechanism is one hour intervals, you
  would then enable access for the user for up to two hours.  For
  details, please see the AUTHORIZE qualifier /ACCESS.
  The AUTHORIZE command to set up a single-use login is:
    mod user/pass=xyz -
      /pwdexp -
      /flag=(lockpwd,disforce_pwd_change) -
  The username must have a non-zero password lifetime setting,
  though the specific setting matters not.
  Simple hardware options are also available, such as a standard
  mechanical timer for electrical devices -- these timers are
  readily available in any hardware store, and are intended to
  control household lighting and other low-powered devices.   Set
  and connect one of these devices to the dial-in modem.  Other
  similar modem-based or firewall-based approaches to controlling
  remote access are also undoubtedly available.

answer written or last revised on ( 8-AUG-2001 )

» close window