Novell Doc: Novell SecureLogin 6.0

8.7 Quick Login/Logout

Quick Login/Logout provides an easy way for users to see who is logged in to a workstation. It also provides a convenient way for a user to lock or log out of the workstation when leaving a work area. QuickLogin/Logout is probably most useful for kiosks or shared workstations.

The following figure illustrates Quick Login/Logout’s dialog box

By default, Quick Login/Logout dialog box shows the following information:

The user ID of the currently logged in user
The user's full name
The time remaining before a Secure Workstation inactivity timeout

8.7.1 Using the Lock Workstation Button

To lock the workstation, click Lock Workstation. Clicking this button does the same thing as pressing Ctrl+Alt+Del, then selecting Lock Workstation.

This feature is most useful when used with the LDAP Authentication Client. A user who plans to leave a public workstation for only a few minutes can elect to lock the workstation so that the user’s programs continue running.

If the action associated with the Network Logout Event is Close All Programs, the previous user's programs are closed when the workstation is locked.

NOTE:Quick Login/Logout is visible even when the workstation is locked, but the Lock Workstation and Logout buttons aren’t visible.

Scenario: Locking the Workstation. Sandy is a network administrator and Gudrun is a nurse at the VMPClinic. Nurses at a nursing station frequently need to interrupt their data entry to check on patients.

Gudrun logs in to the shared workstation, opens DataQuick to view patient data, then opens RediLog to update a report. Before she has completed her tasks, however, she is summoned to a patient’s room. Planning to be gone from the workstation for just two minutes, Gudrun doesn’t want to log out. Instead, she clicks Lock Workstation and leaves to check on a patient. Returning, Gudrun unlocks the workstation and continues using DataQuick and RediLog.

8.7.2 Using the Logout Button

When you click Logout, the Quick Login/Logout Interface sends a Manual Lock signal to Secure Workstation. Secure Workstation executes the action associated with the Manual Lock Event in the policy.

The following figure illustrates actions that you can set from the Default Actions drop-down list:

If the action for the Manual Lock Event is Close All Programs and Log Out of the Network, and the Post-Policy Command has been configured to launch the login dialog (either loginw32.exe or nldaplgn.exe), Secure Workstation does the following, all within a matter of seconds:

Closes the current user's programs.
Logs the user out of the network.
Displays a login dialog for the next user.

NOTE:The speed at which Secure Workstation closes programs depends on several factors. For more information, see Terminating Applications.

Scenario: Sharing a Workstation. Nurses at VMP Clinic share a workstation at a nursing station. As administrator, Sandy wants one nurse to be able to log off quickly and another nurse to be able to log in quickly. Sandy selects Close all Programs and Log Out of the Network as the default Manual Lock action. In addition, Sandy configures the Post-Policy command to launch the login dialog box.

Gudrun logs in to the workstation, opens DataQuick to check patient data, opens RediLog to update a report, completes her tasks, then clicks Logout. Secure Workstation closes DataQuick and RediLog, logs Gudrun out of the network, then displays the login dialog box. The workstation is ready for the next nurse.

8.7.3 Details about Policy Enforcement

The behavior of Secure Workstation depends on the settings in the Effective policy. The policy includes the following:

A set of events that Secure Workstation listens for
A set of actions that will be taken when one of those events occurs.

After Secure Workstation detects an event, the user is considered to be out of compliance with the policy. This means that the user has, for example, exceeded an inactivity time limit or removed an authentication device, such as a smart card. Unless one of the actions is Log Out of the Workstation or Lock the Workstation, Secure Workstation continues to execute the action associated with the events in the policy that are out of compliance.

Scenario: Removing a Proximity Card. The Effective policy contains a Device Removal Event that requires a pcProx proximity card. The action associated with this event is Close All Programs. Secure Workstation is set up to close all programs specified in the policy when the card is removed.

Claire attempts to restart one of those programs without replacing the proximity card. Secure Workstation immediately closes the program. Secure Workstation continues to execute the action associated with the Device Removal Event until the user is in compliance with the event.

This behavior is the same for all of the Secure Workstation events. If you don't want users to have the ability to run certain programs without being authenticated to the network, configure a Network Logout Event that closes those programs.

You can use the Post-Login Method to provide Secure Workstation with a new effective policy.

Scenario: A New Effective Policy. Claire leaves and takes her proximity card. Secure Workstation closes her programs and continues closing them until her proximity card has been replaced. Markus approaches the workstation and presents his proximity card. Secure Workstation continues to close the programs specified in the policy.

The programs are closed because Secure Workstation requires Claire’s proximity card to be present, because Secure Workstation detected Claire’s card when Secure Workstation generated the Effective policy that it is currently enforcing. However, Markus can log in using the Post-Login Method, which causes Secure Workstation to refresh its policy. Secure Workstation now requires Markus’ proximity card to be present instead of Claire’s card.

You can use the Post-Login Method to provide Secure Workstation with a new effective policy.