We would like to see some examples on how login and connection idle timeout (formerly applet timeout) settings affect user sessions.

Any supported PAM release as of September 2020.

For the following 3 scenarios, assume Login Timeout is 30 minutes and Connection Idle Timeout (formerly Applet Timeout) is 60 minutes.

Scenario 1) The user logs into PAM. Five minutes into the PAM session, the user starts an SSH session to a UNIX endpoint using the SSH Access Method. Ten minutes into the PAM session, the user views the password for a Windows endpoint. Assuming the user leaves the PAM session and the SSH session idle, when are these sessions logged off due to inactivity and why?

The user is logged out 30 minutes (login timeout) after the last activity, in this case the password view, and the SSH session is closed at the time of the logout. One minute prior to the timeout, there will be a popup that the user can acknowledge to stay in the session and reset the timer.

Scenario 2) A second scenario is very similar. The user logs into PAM. Five minutes into the PAM session, the user starts an SSH session to a UNIX endpoint usning the SSH Access Method. From the SSH session, the user launches a database reorg that will run for 20 hours. While the database reorg is running, there is no input or output to the SSH session. Will the SSH session be logged off due to inactivity before the database reorg has completed. Assuming no additional activity for the PAM serssion or the SSH session, when will both of these sessions be logged off due to inactivity and why?

A job running on a target server has no impact on the PAM timeout logic. Because the login timeout is shorter than the connection idle timeout, the session, and with it the applet, will be terminated 30 minutes after the last activity, the launch of the database job, if the user doesn't act on the 1 minute timeout warning.

Scenario 3) How are Services like PuTTY affected by Login Timeout and Connection Idle Timeout?

An access session to a target device, whether it's from a built-in access method or from a configured TCP/UDP service, is affected by the connection idle timeout, and possibly by the login timeout if that is shorter than the connection idle timeout, see the previous scenarios.