Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1715: Need to re-login when the computer goes into screen saver or is unattended for a while on Solaris 9

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:02 AM

Applies to: DirectControl 4.1.2 or above on Sun Solaris 9 x86 or SPARC

Problem:
If you use the screen saver to lock a Solaris 9 machine, when the screensaver locks the machine and an AD password is supplied to unlock the screen, the session automatically gets logged out.

Cause:
This is due to a problem in synchronous SIGPIPE handling on Solaris 9 kernels. Centrify opened a ticket with Sun (CaseID# 66118345)

Note: This is a known issue which has been mentioned in the release notes. 

Workaround:
1. Edit /etc/centrifydc/centrifydc.conf
2. Set adclient.client.idle.timeout: 0
3. Restart adclient : /usr/share/centrifydc/bin/centrifydc restart

Note: This configuration parameter specifies the number of seconds before the Centrify DirectControl agent will drop a socket connection to an inactive client. In most cases, you set this configuration parameter using the Computer Configuration > Centrify Settings > DirectControl Settings > Network and Cache Settings >

Set idle client timeout group policy by selecting Enabled and specifying the maximum number of seconds to keep open a connection when a client is idle. You can, however, set it manually in the configuration file if you aren’t using group policy or want to temporarily override group policy. If you are manually setting this parameter, the parameter value must be an integer greater than zero. The following example sets the inactive client timeout to 5 seconds:

adclient.client.idle.timeout: 5

If you set this parameter to zero, the Centrify DirectControl agent will never drop the socket connection. Therefore, you should always specify a value greater than zero but in this case, this is highly recommended. If this parameter is not defined in the configuration file, its default value is 5 seconds.

A question may be asked about any side effects as a result of using this parameter. adclient normally ages out inactive LRPC connections to it - like a  client crashed, or timed out waiting for reply and just exits. In this case, the fd (file descriptor) will not be aged out. It will linger around until adclient restarts. The side effect is negligible - since most clients are well behaved.


Resolution:
None as this is a Sun/Oracle issue. As of this date and time, there has been no resolution from vendor.

 

 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles