Really need help for limiting user access...

"Robert J. Brown" (rj@eli.elilabs.com)
Sun, 14 Sep 1997 01:04:14 -0500


>>>>> "Alexis" == Alexis S Panagides <alex@inova.net> writes:

 Alexis> My question: how can I limit a user to one session at a
 Alexis> time? Someone gave me the idea of making the user shell a
 Alexis> program that checks 'w' for the user's existence. It
 Alexis> worked but I discovered that for mgetty, whether the shell
 Alexis> works or not doesn't matter. I use PAP authentication and
 Alexis> don't give shell access anyway. All users have /dev/null.

If you used static IP addresses, one per user, then multiple users
would mean multiple modems with the same IP address. I don't know
exactly what would happen -- probably depends on your routing table
setup -- but I am sure it wouldn't work in a desirable manner, which
would create the grief for the user(s) multiply logged in immediately.
Once they caught on, they would stop this abusive practice.

Another strategy would be to detect multiply logged-in users and
change their login shell from the normal one to one that just said
their account has been disabled because of a security violation, and
that they would have to phone the sysadm to get re-enabled. He could
explain the problem and if they could validate their identity (maiden
name of pet goldfish, or whatever) then the sysadm could give them a
new password. If identity could not be established, make them reapply
for a new account; the old one is closed.

-- 
-------- "And there came a writing to him from Elijah" [2Ch 21:12] --------
Robert Jay Brown III rj@eli.elilabs.com http://www.elilabs.com 1 847 705-0424
Elijah Laboratories Inc.; 37 South Greenwood Avenue; Palatine, IL 60067-6328
----- M o d e l i n g t h e M e t h o d s o f t h e M i n d ------
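
The detect-and-disable strategy from the message above, sketched as an added example that is not part of the original post. It assumes dial-in sessions are recorded in utmp so that `who` lists them; the sample lines are constructed and /usr/local/sbin/disabled-shell is a hypothetical notice program.

```sh
#!/bin/sh
# Added example: report users holding more than MAX concurrent sessions,
# reading `who`-format lines (user, tty, login time, ...) on stdin.

# Constructed sample of `who` output; user names and ttys are made up.
sample_who() {
cat <<'EOF'
alice    ttyS0    Sep 14 00:51
bob      ttyS1    Sep 14 00:55
alice    ttyS3    Sep 14 01:02
carol    ttyS2    Sep 14 01:03
bob      ttyS4    Sep 14 01:03
bob      ttyS5    Sep 14 01:04
EOF
}

# multi_sessions MAX: print "user count tty,tty,..." for each user whose
# session count exceeds MAX (default 1), sorted by user name.
multi_sessions() {
    max=${1:-1}
    awk -v max="$max" '
        NF >= 2 {
            count[$1]++
            ttys[$1] = (ttys[$1] == "" ? $2 : ttys[$1] "," $2)
        }
        END {
            for (u in count)
                if (count[u] > max)
                    print u, count[u], ttys[u]
        }' | sort
}

# lock_commands: turn the report into commands for the sysadmin to review
# and run by hand. Nothing is executed here; the shell path is hypothetical.
lock_commands() {
    while read -r user count ttys; do
        printf 'usermod -s /usr/local/sbin/disabled-shell %s  # %s sessions on %s\n' \
            "$user" "$count" "$ttys"
    done
}

# Against live data: who | multi_sessions 1 | lock_commands
```

Printing the commands instead of running them keeps a person in the loop, since a stale utmp entry left by a dropped line can look like a second session.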