Idle Timeout

Brian Candler B.Candler at pobox.com
Tue Jan 4 12:35:14 EST 2011


On Tue, Jan 04, 2011 at 10:34:00AM -0500, Shaun Quartier wrote:
> I’m currently using Kerberos for our employee intranet through htaccess and
> I was interested in finding a way to implement an idle logout for users
> after 15 minutes of using the site.

I presume you mean after 15 minutes of *not* using the site.

>From a user interface point of view, what do you want the user to see if
they haven't accessed the site for 15 minutes, and then come back to it?

And what do you want the user to see when they visit the site for the first
time?

Kerberos is a single sign-on system. You get your TGT at the start of the
day, and then it logs you in automatically and transparently to each service
you visit.

If you want the site to prompt for username/password, either initially or
after an idle timeout, then I think it will need to do its own HTTP Basic
authentication.

Regards,

Brian.




More information about the Kerberos mailing list