To specify a maximum idle time, enter the following:
set appserver IdleConnectionPruneTime #
where # is a value in minutes. When there is no traffic over the connection between a client and the Application Server for this period of time, the connection is automatically closed. By default this value is set to 0, which means the connection is never closed.
yes, The MaximiumSessionCredentialLifetime will force an expire if there is an activity.
You need to restart the application server to get this change in effect.
Hi I have done this, then logged into the console and left the console logged in... Then when I checked on the console 45 mins later and I could still use the console it didn't lock me out or ask me to relogin????
So it looks like the
set appserver IdleConnectionPruneTime # doesn't work..!!!
What’s the purpose of doing this?
The envirnoment is a PCI sure environment and it is a requirement for PCI... along with the following:
- Set passwords for first-time use and resets to a unique value for each user and change immediately after the first use.
- Remove/disable inactive user accounts at least every 90 days.
- Change user passwords at least every 90 days.
- Require a minimum password length of at least ten characters.
- Use passwords containing both numeric and alphabetic characters.
- Do not allow an individual to submit a new password that is the same as any of the last four passwords he or she has used.
- Limit repeated access attempts by locking out the user ID after not more than six attempts.
- Set the lockout duration to a minimum of 30 minutes or until administrator enables the user ID.
- If a session has been idle for more than 15 minutes, require the user to re-authenticate to re-activate the terminal or session.
I know that I can't do a number of the above but can do these:
Account Lockout Duration
Account Lockout Threshold
Max Password Age
Min Password Length
But if your workstation follows those settings, then the bladelogic UI follows those settings…
Do all other applications follow the same 15min idle timeout ? eg, sharepoint?
The workstation does lock after 15 mins of inactivitly but if you minimize the console and do some other work you can go back to the console after 45 mins and still be able to work... The client will not accept this for PCI and require the console to ask you re login after 15 mins idle... or else some sort of official BMC documentation to say that it is not possible...
Then the console should run in a citrix or TS session that locks out when inactive rather than installed on a users desktop.
Doesn't work, is this resolved in later releases?
set appserver IdleConnectionPruneTime
Even if you are not active, your gui is still polling the appserver to refresh bits of the UI, like ‘tasks in progress’ so I doubt it ever actually goes idle.
So I don’t know if there is a way to do this, perhaps a rfe.
Like scott I’ve yet to see this as a requirement – it’s usually covered by the desktop security settings. If those are in place then it doesn’t matter what happens w/ any programs running on the desktop. For example – does your outlook time out after 15 min of inactivity? Why is that exempted?
It’s an interesting requirement to raise w/ product management. I don’t believe any of the later releases support the configuration you want. I still go back to the outlook example for this. in the customer environment, does outlook idle out if you don’t use it for 15 min ? if not, they why is it exempt ?