Restricting Multiple loggin sessions

Naushi · June 5, 2005, 6:20am

Any idea as to how multiple loggin sessions by the same user (using Hyper terminal/Telnet) be restricted in Sun Solaris 8.

Rgds

Naushi

ppass · June 6, 2005, 7:47am

you can add the following to the users profile :

USERLOGINS=`who | grep ( userid ) | wc -l`
if [ "$USERLOGINS" -eq ( max no. of logins ) ] ; then
exit 1
else
( process remaining environment )
fi

cheers

tom_xx_hu · June 6, 2005, 11:40am

If we are strict at "restrict", there should be better approach. Is there PAM for Solaris?

Naushi · June 6, 2005, 12:00pm

What's PAM

reborg · June 6, 2005, 12:05pm

Pluggable Authentication Modules and no it's not there in Solaris 8 by default.

Naushi · June 6, 2005, 12:17pm

Thanks ppass, I'll try it out.

zazzybob · June 7, 2005, 9:06am

Add this to the global profile (/etc/profile or whatever) otherwise the user will just login, vi $HOME/.profile, and remove it....

MAXLOGINS=5   # or whatever
WHOAMI=`whoami`
CURRENTLOGINS=`who | grep -c "${WHOAMI}"`
if [ "${CURRENTLOGINS}" -eq "${MAXLOGINS}" ]; then
  exit 1
fi
# no need for else.... rest of profile goes here

Cheers
ZB

Naushi · June 7, 2005, 12:29pm

Thanks ppass
It worked (with li...ttle bit of change)

Cheers

zazzybob · June 9, 2005, 9:17am

But the user can just edit their .profile file and remove your checks.

It would be far safer to use the method I've indicated, placing it in the global profile in /etc/profile.

Also; what happens when you add 20 new users to the system? Have you modified the .profile file in /etc/skel? Have you hard coded the user name into the .profile? What happens when the wiley user wants to login more than X times and removes your checks from their writable .profile?

Using my method would solve all these issues.

Anyway.... :rolleyes:

Cheers
ZB

Naushi · June 9, 2005, 12:33pm

zazzybob;

Here's how I did it;
I edited the .profile in /etc/skel,

USERLOGINS=`who | grep $LOGNAME | wc -l`
if test $USERLOGINS -eq (x)
then
exit 1
else
([/i]process remaining environment)

..
Then I copied the .profile to the individual users $HOME

I'll deffinitely try out your method also. Thanks a lot.

zazzybob · June 9, 2005, 7:13pm

That should solve a few of the problems, i.e. it will be applied for new users added to the system, and the userids are not hard-coded into individual profiles - the only remaining issue would be if the user were to edit their .profile and remove the checking - and if your users are anything like most of the users I've looked after, they probably haven't even heard of a .profile file

Cheers
ZB