Re: Max concurrent logins

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Thursday, April 01, 2004 9:24 AM -0800 Alucard Lim <yxannes@yahoo.com> 
wrote:

> Searched long and hard for information regarding the
> subject line but to no avail. Basically, I do not want
> users to use their accounts to login to 2,000,000 PCs
> at once.
>
> Was told I can try edit /etc/security/limits.conf but
> what that does was to limit local logins, not domain
> wide.
>
> And openldap 2.1.x default schemas definitely do not
> have a maxlogins attribute.
>
> I am not sure whether clients maintains a connection
> with the ldap server after they have authenticated so
> we can attack the problem from there.
>
> So is this feature lacking in 2.1.x or are there login
> scripts that can accomplish this?

There's nothing per se that tells openLDAP how many hosts someone is logged 
into either.  And, given the fact that nothing is sent to the server when 
the person logs out, how can you tell if someone simply hasn't logged out 
of 10 hosts and into 10 new ones?

If you want to do something like this, I suggest you write a custom call 
into your login and logout pieces of your OSes, that will write to a custom 
server that tracks how many systems a given user is logged into.

Of course, this has nothing to do with OpenLDAP per se, so you'll need 
another list to post your question to.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html