diff --git a/main.c b/main.c
index 17553d6..0aa4988 100644
--- a/main.c
+++ b/main.c
@@ -619,18 +619,21 @@ main(int argc, char *argv[])
 }
 if (opts->user_auth) {
+ if (!opts->userdb_path) {
+ fprintf(stderr, "User auth requires userdb path\n");
+ exit(EXIT_FAILURE);
+ }
 // @todo Check if we can really pass the db var into the child process for privsep
 // https://www.sqlite.org/faq.html:
 // "Under Unix, you should not carry an open SQLite database across a fork() system call into the child process."
- if (sqlite3_open("/var/db/duaf.db", &opts->userdb)) {
+ if (sqlite3_open(opts->userdb_path, &opts->userdb)) {
 fprintf(stderr, "Error opening user db file: %s\n", sqlite3_errmsg(opts->userdb));
 sqlite3_close(opts->userdb);
 exit(EXIT_FAILURE);
 }
 // @todo Change mac column to ether
- int rc = sqlite3_prepare_v2(opts->userdb, "UPDATE ip2user SET atime = ?1 WHERE ip = ?2 AND user = ?3 AND mac = ?4", 200, &opts->update_user_atime, NULL);
- if (rc) {
- log_err_level_printf(LOG_CRIT, "Error preparing update_user_atime sql stmt: %s\n", sqlite3_errmsg(opts->userdb));
+ if (sqlite3_prepare_v2(opts->userdb, "UPDATE ip2user SET atime = ?1 WHERE ip = ?2 AND user = ?3 AND mac = ?4", 200, &opts->update_user_atime, NULL)) {
+ fprintf(stderr, "Error preparing update_user_atime sql stmt: %s\n", sqlite3_errmsg(opts->userdb));
 sqlite3_close(opts->userdb);
 exit(EXIT_FAILURE);
 }
diff --git a/opts.c b/opts.c
index 5f2166b..ee910ad 100644
--- a/opts.c
+++ b/opts.c
@@ -70,6 +70,7 @@ opts_new(void)
 opts->remove_http_accept_encoding = 1;
 opts->remove_http_referer = 1;
 opts->verify_peer = 1;
+ opts->user_timeout = 300;
 return opts;
 }
 
@@ -160,6 +161,9 @@ opts_free(opts_t *opts)
 free(opts->mirrortarget);
 }
 #endif /* !WITHOUT_MIRROR */
+ if (opts->userdb_path) {
+ free(opts->userdb_path);
+ }
 if (opts->user_auth_url) {
 free(opts->user_auth_url);
 }
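Review bot: `sqlite3_open(opts->userdb_path, &opts->userdb)` opens with create semantics, so a mistyped UserDBPath silently creates a new empty database file and the misconfiguration is only caught by the later `sqlite3_prepare_v2` failing on the missing `ip2user` table; opening with `sqlite3_open_v2(opts->userdb_path, &opts->userdb, SQLITE_OPEN_READWRITE, NULL)` makes a missing or unreadable file fail at open time with the existing "Error opening user db file" message and never creates files from a bad path. The `200` passed as nByte to `sqlite3_prepare_v2` is a hard-coded over-estimate of the literal's length that has to be kept in sync by hand; `-1` (read up to the NUL terminator) is the conventional value for a string literal. The fork/privsep @todo above the open is still open after this change and may deserve a mention in the commit message. main() continues outside the hunk on both sides.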
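Review bot: `opts->user_timeout = 300;` hard-codes a default that sslproxy.conf documents as `#UserTimeout 300` and that pxyconn.c previously carried as a literal; a named constant in opts.h, e.g. `#define USER_TIMEOUT_DEFAULT 300 /* seconds */`, would keep the places in sync and make the unit explicit at the definition. opts_new starts outside the hunk.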
@@ -1465,6 +1469,17 @@ opts_unset_user_auth(opts_t *opts)
 opts->user_auth = 0;
 }
 
+static void
+opts_set_userdb_path(opts_t *opts, const char *optarg)
+{
+ if (opts->userdb_path)
+ free(opts->userdb_path);
+ opts->userdb_path = strdup(optarg);
+#ifdef DEBUG_OPTS
+ log_dbg_printf("UserDBPath: %s\n", opts->userdb_path);
+#endif /* DEBUG_OPTS */
+}
+
 static void
 opts_set_user_auth_url(opts_t *opts, const char *optarg)
 {
@@ -1645,8 +1660,21 @@ set_option(opts_t *opts, const char *argv0,
 #ifdef DEBUG_OPTS
 log_dbg_printf("UserAuth: %u\n", opts->user_auth);
 #endif /* DEBUG_OPTS */
+ } else if (!strncmp(name, "UserDBPath", 11)) {
+ opts_set_userdb_path(opts, value);
 } else if (!strncmp(name, "UserAuthURL", 12)) {
 opts_set_user_auth_url(opts, value);
+ } else if (!strncasecmp(name, "UserTimeout", 12)) {
+ unsigned int i = atoi(value);
+ if (i <= 86400) {
+ opts->user_timeout = i;
+ } else {
+ fprintf(stderr, "Invalid UserTimeout %s at line %d, use 0-86400\n", value, line_num);
+ goto leave;
+ }
+#ifdef DEBUG_OPTS
+ log_dbg_printf("UserTimeout: %u\n", opts->user_timeout);
+#endif /* DEBUG_OPTS */
 } else if (!strncmp(name, "ProxySpec", 10)) {
 /* Use MAX_TOKEN instead of computing the actual number of tokens in value */
 char **argv = malloc(sizeof(char *) * MAX_TOKEN);
diff --git a/opts.h b/opts.h
index 0b2bf32..1e3e5aa 100644
--- a/opts.h
+++ b/opts.h
@@ -144,9 +144,11 @@ typedef struct opts {
 unsigned int verify_peer: 1;
 unsigned int allow_wrong_host: 1;
 unsigned int user_auth: 1;
- char *user_auth_url;
+ char *userdb_path;
 sqlite3 *userdb;
+ char *user_auth_url;
 struct sqlite3_stmt *update_user_atime;
+ unsigned int user_timeout;
 } opts_t;
 
 typedef struct userdbkeys {
diff --git a/pxyconn.c b/pxyconn.c
index fb2984e..7fc35b4 100644
--- a/pxyconn.c
+++ b/pxyconn.c
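Review bot: `opts->userdb_path = strdup(optarg);` is not checked, so an allocation failure leaves the field NULL and is later reported by main.c as "User auth requires userdb path", which hides the real cause; check the result and fail the way the neighbouring setters do (their bodies are outside the hunk). The `if (opts->userdb_path)` guard before `free` is redundant because `free(NULL)` is a no-op, so `free(opts->userdb_path);` alone reads cleaner. A one-line comment on the function, `/* Set UserDBPath; takes a private copy of optarg, freed in opts_free */`, would document ownership.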
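Review bot: `unsigned int i = atoi(value);` cannot distinguish a non-numeric value from 0, so `UserTimeout abc` is silently accepted as a timeout of 0, and a negative value is only rejected by accident of the unsigned conversion; parse with `strtoul` and an end-pointer check so that empty, junk-suffixed, negative and overflowing input all hit the existing error path. The matching also uses `strncasecmp` where every neighbouring option uses `strncmp`, which makes UserTimeout the only case-insensitive option name; using `strncmp` keeps the file consistent unless case-insensitivity is intended, in which case a comment should say so. If the config parser can leave trailing whitespace on `value`, the end-pointer check below needs to allow it. set_option starts and ends outside the hunk.
```c
		} else if (!strncmp(name, "UserTimeout", 12)) {
			char *end;
			unsigned long v = strtoul(value, &end, 10);
			/* reject empty, junk-suffixed, '-'-prefixed or out-of-range input;
			 * strtoul returns ULONG_MAX on overflow, which fails the range check */
			if (end == value || *end != '\0' || v > 86400) {
				fprintf(stderr, "Invalid UserTimeout %s at line %d, use 0-86400\n", value, line_num);
				goto leave;
			}
			opts->user_timeout = (unsigned int)v;
			// … unchanged: DEBUG_OPTS logging …
```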
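Review bot: `unsigned int user_timeout;` carries no unit and nothing in opts_t says what the value means; a trailing comment such as `unsigned int user_timeout; /* idle seconds before a user entry expires (UserTimeout, default 300) */` would document it where readers look first. Moving `char *user_auth_url` below `sqlite3 *userdb` appears to be unrelated reordering; keeping the field order stable would leave the hunk with only the two additions. The struct starts outside the hunk.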
@@ -1563,7 +1563,7 @@ identify_user(UNUSED evutil_socket_t fd, UNUSED short what, void *arg)
 int atime = sqlite3_column_int(ctx->thr->get_user, 2);
 time_t now = time(NULL);
- if (now - atime > 300) {
+ if (now - atime > ctx->opts->user_timeout) {
 #ifdef DEBUG_PROXY
 log_dbg_level_printf(LOG_DBG_MODE_FINEST, "identify_user: User entry timed out, now=%lld, atime=%u, ctx->fd=%d\n", (long long)now, atime, ctx->fd);
 #endif /* DEBUG_PROXY */
diff --git a/sslproxy.conf b/sslproxy.conf
index bbf102e..14edcfb 100644
--- a/sslproxy.conf
+++ b/sslproxy.conf
@@ -205,6 +205,12 @@ AllowWrongHost no
 # Require authentication for users to use SSLproxy
 #UserAuth no
 
+# Path to user db file
+#UserDBPath /var/db/users.db
+
+# Time users out after this many seconds of idle time
+#UserTimeout 300
+
 # Redirect URL for users to log in to the system
 #UserAuthURL https://192.168.0.1/userdblogin.php
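Review bot: `if (now - atime > ctx->opts->user_timeout)` compares a signed difference (time_t minus int) against an unsigned int, where the old literal 300 kept the comparison signed; on a target where time_t is no wider than unsigned int the difference is converted to unsigned, so a negative value (atime ahead of now, e.g. after a clock step or a database written on another host) becomes huge and expires the entry immediately. Casting the timeout keeps the comparison signed everywhere: `if (now - atime > (time_t)ctx->opts->user_timeout) {`. Whether a negative idle time should expire the entry or be treated as zero is a policy choice the hunk does not document; a short comment at the comparison would settle it. identify_user continues outside the hunk on both sides.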