On Tue, Jun 1, 2010 at 5:02 PM, Alan Altmark <alan_altm...@us.ibm.com> wrote: > On Tuesday, 06/01/2010 at 09:51 EDT, "Martin, Terry R. (CMS/CTR) (CTR)" > <terry.mar...@cms.hhs.gov> wrote: >> This may have been asked before but I was wondering the best way to >> Automatically log off a CMS user after a designated time frame. This is > to >> address an Audit finding. > > You opened the door, Terry, so I will walk through it: What policy would > drive an auditor to create such a finding? I just have trouble with a > policy that says "After a CMS user has been logged on for [n] minutes, log > them off." To what end? And is it really only CMS users? In Linux > systems the CMS users are the admins and SVMs, none of whom should be > logged off (IMO). (I might buy FORCE DISC, but not logoff.)
This requirement was very popular in the old days with real terminals that were left unattended. Now that people use a termulator program on their desktop, I think the reboot of the desktop satisifies the requirement well enough :-) On the serious side - when the auditors already require screen saver with password on the desktop to protect the desktop applications from unauthorized fingers poking in, would that not also address your open tn3270 session? Rob