[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: idletimeout issues, and kerberos authentication

Peter Saunders pajs@fodder.org.uk
Mon, 12 Sep 2005 06:10:44 -0700 (PDT)

On Fri, Sep 09, 2005 at 05:06:39PM -0700, Bryan Stansell wrote:
> so, would most term servers reset their disconnect timer when data flows
> either way?  my first impression was that data had to be sent to the
> term server to keep it alive.  but if that's not the case, it can
> certainly be changed so that the idletimeout doesn't fire until it's
> totally quiet.
> if anyone can prove that the idle bits work as i expected (data needs to
> come into the term server), please let me know.  otherwise, i'll just go
> on the assumption that data in either direction prevents the term server
> from shutting things down and fix things as requested.  it certainly
> makes sense (well, they both do, but this slightly more).

Well, I can't speak for any one elses terminal servers.. But as an
experiment.. I telneted to ours after taking it out of conserver
control.. At the timeout period, it disconnected me. 

Then, i tried again, but on the host had a while(true) loop running
'echo "keep alive" > /dev/console' every 10 minutes.. The terminal
server session stayed alive.

> me either.  perhaps the PAM hooks would work?  i've never tried,
> honestly.  i'd certainly put any kerberos patches into the distribution.
> i don't have an environment to develop and test against (or any
> knowledge of the kerberos api).

I dont believe PAM would work in this case. It could authenticate
correctly against kerberos with the correct module, but to be
passwordless, the client and server would need knowledge of the
tickets etc. 

Many thanks