ThinLinc users sessions

Hi
I am trying to find a solution for ThinLinc sessions, users usually don’t log-out the session properly when they leave, this leaves their thinlinc sessions open on server which keep consuming server resources and sometimes corrupt their files in case if the server is restarted.

thinlinc sessions2214×1399 392 KB

how can I configure auto log-out policy for thinlinc sessions, like if someone is inactive for 3 hours his session must be automatically log-out (not killed but gracefully log-out)

I would really appreciate if you can help me out with this.

thanks

JA

Yes, there are a couple of different options, you can read about them in our Administrator’s Guide here:

https://www.cendio.com/resources/docs/tag/config_lifetime.html?highlight=limiting

Kind regards,
Martin

Hi, Can I make this time based, like after 6PM but before 8AM it logout user sessions who are idle for 2 hours

Sorry for keeping you waiting!

Sorry to say, there’s no tooling in ThinLinc for achieving that functionality.

Kind regards,
Martin

I have configured -MaxIdleTime 28800 and in the morning users are not able to login the error message that we got “username/password incorrect” it’s worth noting here that some users are able to login on same servers without any issue

there’s no issue with LDAP we have checked their password with other LDAP integrated services and it was working absolutely fine

I’m afraid that must be caused by something else, as authentication and the idle setting are not handled by the same components.

Could you have a look and see what the system journal states when these authentications failed?

The options in the manual sound good, but: How does ThinLinc determine a session as “idle”?

We often have users who:

• start a small script that queries some API somewhere for some data once per hour/day
• run “journalctl -f | grep error” in a terminal windows
• start a bigger Python script that aligns reads to some genome for hours/days

and then they disconnect the session and come back a week later.

We would not consider these kind of session as “idle” and would not want to kill them while some process (python, “tail -f”, “journalctl -f”, etc) is running, but we would very much like to kill sessions where the user just didn’t know “KDE menu → Session → Log out” vs “F8 → disconnect” and left a session REALLY idling.

Is there some way to implement this distinction in ThinLinc? Maybe with some kind of allow-list or so?

“Idle” in this context means “lack of user input” (e.g. keyboard/mouse events).

ThinLinc/Xvnc doesn’t really know how many processes a user has running, or which of these process are important enough to warrant leaving a session alive. So something like what you describe would probably have to be implemented at system level, maybe using something like loginctl.

Thanks, this helps a lot! I will try to find an implementation for this. Just “no input” idle would probably kill a lot of valid sessions for us.

If you do find a solution, feel free to let us know! It might be useful for others too.

I will report back if I find something!