XAC: OSH session not prompting for the correct password following PASSWORDTIMEOUT

XAC: OSH session not prompting for the correct password following PASSWORDTIMEOUT

After starting an XOA OSS shell and logging on, often a user will switch to another user id using the 
"sh -" command.   If a PASSWORDTIMEOUT value is specified, when that value is met or exceeded, the user will be prompted to enter the user password in order to regain access to the session.  For XOA sessions,  the user will be prompted to enter the password for the original session user instead of the current user.  

Example:


1. An XOA session is established, with a PASSWORDTIMEOUT value of 300 (five minutes)
2. The user OPER.JOE logs on
3. At some point, the user for that session is changed to SECURITY.ADMIN
4. After sitting idle for five minutes, PASSWORDTIMEOUT is reached.  The user is prompted to enter the password
    for OPER.JOE, not SECURITY.ADMIN in order to resume the session.

For the OSS session, an XAC process is running and it starts an XOA process as the current user (OPER.JOE).  When the "su -"  is done to change users a new shell gets started as SECURITY.ADMIN, but XOA is still running as the original user (OPER.JOE).  As a result, when the PASSWORDTIMEOUT value is reached, XAC prompts for the original user?s password.  For the password prompt to be for SECURITY.ADMIN, XOA would have to switch to SECURITY.ADMIN when it sees the I/O  from the ?su? shell and thus XAC would switch to SECURITY.ADMIN and then the password prompt would be for SECURITY.ADMIN.  While this behavior is not consistent with a TACL session, it is normal and expected with an  OSH session.

If this article did not provide a solution, please open a case with our support team by sending an email message to support@xypro.com.