Really need help for limiting user access...

"Alexis S. Panagides" (alex@inova.net)
Mon, 15 Sep 1997 11:31:15 -0300
Messages sorted by:[ date ][ thread ][ subject ][ author ]
Many thanks to the help I received from members of this list! :)

After some great solutions to my problem of users making multiple
connections to my dialup server I have decided on the following that I
believe will work, however, I would like to see if there isn't a better way.

Many of the suggestions received worked, but I had left out the important
detail that I use the PAP type of connection therefore modifications to
shells or login programs did not work in my particular case.

Now I am using the ipparam pppd option, my login.config has the line:

/AutoPPP/ -	a_ppp	/usr/sbin/pppd auth -chap +pap login ipparam @ 

I pass the username to the ip-up script as arg $6 where I check the name
against `w` to see if the username is already in use. If it is I need to
kill the connection. I thought about running 'tail' on the appropriate
mg_tty* to get the pid. I haven't done this yet. I am not sure it is going
to work. But it seems a little sloppy to me. 

Is there a better way? Would a bad exit like "exit 1 or die" (speaking
Perl) in the script bring down the connection?

Thanks again,
Alex Panagides
Ceara, Brazil


At 11:58 PM 9/13/97 -0300, Alexis S. Panagides wrote:
>Friends,
>
>We are a budding ISP in Fortaleza, Brazil. I am using with much success
>mgetty for part of my dial-in solution.
>
>Recently, however, some of my users have been sharing their passwords with
>friends and family with the inevitable result that I have multiple logins
>for the same user account. As right this moment all my modems are full and
>one user has three sessions.
>
>My question: how can I limit a user to one session at a time? Someone gave
>me the idea of making the user shell a program that checks 'w' for the
>user's existence. It worked but I discovered that for mgetty, whether the
>shell works or not doesn't matter. I use PAP authentication and don't give
>shell access anyway. All users have /dev/null.
>
>Maybe I have to replace the entire login program? If so, does anyone have
>an example login program (in Perl or shell script) that I could examine? I
>think it would be pretty easy to modify, I just don't know the dynamics of
>a login program, ie. how should it exit to be interpreted by mgetty as
>success or failure, how should it get the password (seems the username
>comes in as the 1st argument).
>
>Whatever ideas or pointers to more information would be greatly appreciated.
>
>Best regards,
>Alex Panagides
>Ceara, Brazil
>
>
.