Account can only be used to login one at a time

Andrew Bartlett abartlet at samba.org
Thu Oct 7 10:32:47 GMT 2004 

On Thu, 2004-10-07 at 18:09, Jim Potter wrote:
> Hi,
>    The PAM module I wrote was an attempt at a single sign-on system, 
> where a successfull response was given if a user tried to login from an 
> ip address with an active samba session for that name (it didn't work 
> very well, as most apps do not seem to hand the IP address of the client 
> to PAM). To limit concurrent connections, OK, it doesn't directly 
> address any of the problems you stated - I got the impression that 
> connections closed ~30 seconds after a user logs out. (the holding 
> connections open part was not an issue, as I recall... the .tdb files 
> keep a list of users with active sessions which do not seem to time out 
> unless a connection is lost. See smbstatus - the 
> PID/Username/Group/machine bit).
>     Using this in conjunction with the client call methods mentioned 
> earlier in this thread, you could solve the below problems - when a user 
> tries to log in, see if they have a current session - if they have, call 
> the client host(s) where they are recorded as already being logged in, 
> and find out if they really are still logged in - this would solve the 
> remaining 3 of your problems below.

This works, for cases where there is a persistent CIFS connection to the
server.  However (and this is why I talk about partial solutions) there
is no CIFS connection that must be maintained for the user to remain
logged in.  It could be that at particular sites, the home drive is on
the PDC (and always mapped), and that is a good 'indicator'.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20041007/a131a108/attachment.bin

More information about the samba-technical mailing list