squatex
Limit users to logging in from one concurrent host
I really want to do this as a means to discourage the sharing of accounts (a rampant problem at my company).
Users need to be able to use their account from any host, and need to be logged in from the same host multiple times, but I don't want them using the same account from a second host concurrently.
Any suggestions on how to implement this under SUSE 9.1?
ASKER
These are all Windows clients and a single SUSE 9.1 server. The telnet and ssh sessions are all I really care about in this context. They all connect (we max out at about 130 users) via telnet/ssh to run a custom finance app.
Fact is, I really don't have a lot of control at the network level, so making changes there is kind of moot. I do have complete control of this box though.
I was hoping there was some kind of built-in functionality in PAM that would allow me to do this; otherwise I've got a nasty shell script to write.
I think it is easier to write a wrapper script for your app, maintain a counter in your system, and check the number of instances of the app running before starting a new one.
ASKER
yuzh - This will not work because users may or may not be running multiple instances of the app. I'm looking to do this at the telnet/ssh level anyway.
To limit telnet or ssh sessions, you can modify /etc/profile; please see
my answer in:
http:Q_21193950.html
ASKER
Yeah, but that doesn't fit the criteria.
Never mind, I figured it out anyway. Thank you for trying to help me out.
Just in case anyone needs it, add it to your ~/.profile:
# Hosts this user is currently logged in from (host column of `last`)
hostlist=`last | grep "^$USER[[:space:]]" | grep "still logged in" | cut -c 23-39`
# Host of this session: telnet sets REMOTEHOST, ssh sets SSH_CONNECTION
telnetmyhost=`echo "$REMOTEHOST" | cut -c 1-16`
sshmyhost=`echo "$SSH_CONNECTION" | awk '{print $1}' | cut -d: -f4`
if [ -z "$telnetmyhost" ]
then
    myhost=$sshmyhost
else
    myhost=$telnetmyhost
fi
# Kill this login shell if any existing session comes from a different host
for ahost in $hostlist
do
    if [ "$ahost" != "$myhost" ]
    then
        kill -9 $$
    fi
done
Agree with PAQ / Refund
Cheers!
yuzh
PS: To check a user's current logins to the system, "who" is better than "last"; "who" can still give you
the remote login info.
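The same-host rule from the asker's script, rebuilt on `who` as yuzh suggests, as an added example (not code posted by anyone in this thread). The function names and the sample `who` output are constructed; it assumes `who` prints the remote host as the last field in parentheses, in the same form (IP or name) that SSH_CONNECTION or REMOTEHOST reports.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Print each remote host that `who` (read on stdin) lists for user $1.
# Assumes the host is the last field, in parentheses; skips console
# sessions (no host field) and X displays such as "(:0)".
session_hosts() {
    awk -v u="$1" '$1 == u && $NF ~ /^\(.+\)$/ {
        h = substr($NF, 2, length($NF) - 2)
        if (h !~ /^:/) print h
    }' | sort -u
}

# Host this login came from: ssh sets SSH_CONNECTION, telnet REMOTEHOST.
# Drops the IPv4-mapped "::ffff:" prefix, which the script above
# removed with `cut -d: -f4`.
current_host() {
    h=${SSH_CONNECTION%% *}
    [ -n "$h" ] || h=$REMOTEHOST
    printf '%s\n' "${h#::ffff:}"
}

# `who` output on stdin. Succeeds and prints the other host when user $1
# already has a session from a host other than $2; fails otherwise.
# An empty $2 (console login, nothing to compare) never conflicts.
conflicting_host() {
    [ -n "$2" ] || return 1
    session_hosts "$1" | grep -Fxv -- "$2" | head -n 1 | grep .
}

# Constructed sample of `who` output.
SAMPLE_WHO='alice    pts/0   Nov  3 09:12 (10.0.0.21)
alice    pts/3   Nov  3 09:40 (10.0.0.21)
bob      pts/1   Nov  3 09:15 (10.0.0.35)
carol    tty1    Nov  3 08:00
carol    :0      Nov  3 08:01 (:0)'

# How a login script would call it (left commented out so that loading
# this file has no side effects):
#   if other=$(who | conflicting_host "$USER" "$(current_host)"); then
#       echo "$USER is already logged in from $other" >&2; exit 1
#   fi
```

A check placed in ~/.profile can be edited out by the account owner, so the root-owned /etc/profile mentioned earlier in the thread is the sturdier location. Neither file is read for a non-interactive `ssh host command`, so those sessions are not covered by a profile-based check.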
This is an interesting question. I'm not sure I can help but I'd like to know more to give it some thought.