Session Timers for Linux

HP SAM Session Timers for Linux have been added to provide functionality to administrators on Linux resources similar to what previously existed only for Windows resources. It features the ability to disconnect or log off users after a set amount of time when logged in, logged in but inactive, or in a disconnected state. It can also be set to factor in CPU usage with configurable thresholds.

The Session Timers for Linux are included in the SAM download package as a file in the RPM format. After copying the RPM file to the Linux-based resource, it can be installed with the following command: rpm -ivh <hpst file>.rpm (for example, rpm -ivh hpst-1.0.0-1.x86_64.rpm).

The various session timer types (described below) and their options are set within the configuration file (/etc/hpstd.conf) on each resource. Use the command /opt/hpst/sbin/hpstd –reloadafter changing settings in the configuration file for those settings to take effect. The Active and Active But Idle timers will disconnect the user when the timer is triggered. The Disconnect Session timers will log the user off of the resource when triggered. All timers operate only when connected via the HP RGS protocol and are not designed for use with resources which are intended to be logged into locally.

The following timer types are available:

Active Sessions – Allows the administrator to force a disconnection after the user has been connected for the specified period of time.

Active But Idle Sessions – Allows the administrator to force a disconnection when the user is connected and has been idle (i.e., no mouse or keyboard activity) for the specified period of time.

Disconnected Sessions – Allows the administrator to force a logoff the specified amount of time after the user disconnects (either manually or via timers or network interruption.)

Disconnected Sessions CPU Low – Works like the Disconnected Sessions timer above, but will not log the user off if the CPU activity is above the specified threshold. This timer helps to avoid logging off a disconnect user who has CPU-intensive tasks still running.

Disconnected Sessions CPU High – Works like the timer above except that it will force a logoff if the CPU activity is above the specified threshold. This is intended to free up resources which may be stuck in an infinite loop.

Please refer to the help page (man hpstd) for more detailed info and additional options.

Resource Reservations (AKA Access Restrictions)

This feature allows the administrator to restrict when and from where users may access resources. It also provides the ability to free up resources as needed for when other users require those resources.

Role settings now enable the administrator to specify the source IP Address range time of day, and day(s) of the week. Users in that role will then only receive a resource from that role when using an access device in the IP Address range and only on the specified day during the specified period of time. In this case, the user will be sent directly to a resource in this role even if he has many other roles —he will not see a role selection dialog. If outside of the IP range and time/day, the user will be denied access to that role. Multiple such reservations can be designated on each role.

By default, at the end of the reservation period, the user is logged off of the resource. The Allow time extension option can be set to allow a user to remain logged in beyond the current resource reservation end time. They can remain logged in until another resource reservation time period for the

82 Chapter 4 Administration