[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Max concurrent logins





--On Thursday, April 01, 2004 9:24 AM -0800 Alucard Lim <yxannes@yahoo.com> wrote:

Searched long and hard for information regarding the
subject line but to no avail. Basically, I do not want
users to use their accounts to login to 2,000,000 PCs
at once.

Was told I can try edit /etc/security/limits.conf but
what that does was to limit local logins, not domain
wide.

And openldap 2.1.x default schemas definitely do not
have a maxlogins attribute.

I am not sure whether clients maintains a connection
with the ldap server after they have authenticated so
we can attack the problem from there.

So is this feature lacking in 2.1.x or are there login
scripts that can accomplish this?

There's nothing per se that tells openLDAP how many hosts someone is logged into either. And, given the fact that nothing is sent to the server when the person logs out, how can you tell if someone simply hasn't logged out of 10 hosts and into 10 new ones?


If you want to do something like this, I suggest you write a custom call into your login and logout pieces of your OSes, that will write to a custom server that tracks how many systems a given user is logged into.

Of course, this has nothing to do with OpenLDAP per se, so you'll need another list to post your question to.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html