Restricting access via mgetty/AutoPPP

We have a stable dial-in setup using recent mgetty and AutoPPP.  We wish to prevent users from connecting multiple times in parallel.  Any ideas?  (I really don't want to give up AutoPPP)
remsteveAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ahoffmannCommented:
In /etc/csh.login (/etc/.profile or whatever your user's login shell is) check if allready logged in (with w, ps aux, or whatever) and if so, perform a logout.
0
remsteveAuthor Commented:
The whole point of AutoPPP is that a shell is not invoked, so this suggestion is not feasible.
0
remsteveAuthor Commented:
Adjusted points to 210
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

ahoffmannCommented:
see /etc/mgetty+sendfax/login.config, you can use your own login program instead of the default /bin/login
0
remsteveAuthor Commented:
Some missunderstanding here:
  > .. No /bin/login or shell is invoked ..
  > .. except for this multiple login problem.

Are they logged in? Or is your pppd-mashine just a router/gateway
handling dial-in sessions, then you must patch mgetty for your desires (I think).
0
ahoffmannCommented:
Good point.  It all depends how you define 'logged-in' I suppose.  Entries are written to wtmp and utmp, but the connections are ppp routing only.
0
remsteveAuthor Commented:
How can say that /bin/login is *not* invoked?
mgetty definitely calls /bin/login (or what was defined as default at compile time) or the program specified in mgetty.conf.

So I suggest you need you private login. Rebuild it from the original login source.

Do you agree?
0
ahoffmannCommented:
if I get it right, mgetty directly calls AutoPPP w/out any
/bin/login processing.

If you have a separate account for each user, you have the
chance to direct mgetty to first call a test program (you'll
have to write it, but it is simple), which looks for a file
/var/spool/uucp/LCK..<username> (or any other distinguishable
name), which contains the pid of the process for that user.
If the process exists (/procs/<pid>/) and is AutoPPP
(/proc/<pid>/cmdline), the user is online and test program
will exit. Else you have to create the lockfile new with
the actual pid and then do an exec to AutoPPP
(see: man 2 execve). This will preserve your actual pid,
so the next login test from the same user will see
AutoPPP running at the pid, which is stated in the users
lockfile.

This function won't work if either AutoPPP works on a
single account and manages the users itself or AutoPPP
exits while the connection keeps established, so the
check cannot check the presence/absence of the users
connection.

You may realize the test tool as a C program or even as
a simple shell script. For security reasons I would prefer
a C binary.

hope, that helps you

0
smileCommented:
OK - I give up on this one.  AutoPPP is an internal feature of mgetty, so it looks like I'll have to hack into mgetty (unless pppd offers any hooks?).

Thanks for the thoughts

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
remsteveAuthor Commented:
Hi remsteve, a little late, so you might not get this.  We had the same problem and after looking around for a bit, I ended up hacking _pppd_ itself.  In the pap authorization module (I believe) right before it assigns the IP I run a quick script that does an awk to see if anyone else is online, it also does some stuff like look for a static.username file with a static IP if the customer has one, etc.  

At anyrate, just thought I'd help confirm that it's a hack job required and that you should probably be looking in pppd rather than mgetty.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.