Hrm. Old code indeed.
The site was rather painful for me to look at, in fact. :)
What shells do your users use? From what I can see, both ksh and bash
support the environment variable TMOUT, and allow you to make it
read-only by setting it with the shell-builtin "readonly" (irrelevant
shell variables snipped for clarity):
[0:af/f/fd0man> readonly TMOUT=30
declare -r TMOUT="30"
[0:af/f/fd0man> timed out waiting for input: auto-logout
That was bash on a NetBSD system. The same thing happens with ksh on my
fd0manallspice$ ksh: timed out waiting for input
If the user attempts to change it:
ksh: TMOUT: is read only
It looks like tcsh supports the same sort of thing, but not original
csh. YMMV... here is a link to a table of shell equivalents just in
case you may want/need it:
Since OpenBSD's default shell is sh (ksh, pdksh), you should be able to
enforce timeouts if your users don't use a nonstandard shell. If you
only have sh, ksh, bash, or tcsh in /etc/shells, then you should be able
to enforce it unless a user decides to remain logged in intentionally
while remaining idle, which you could probably detect with a cron job
running as frequently as every few hours.