On Mon, 2017-11-27 at 21:42 +0100, Michael Frank via FreeIPA-users
> Hi,
> we run freeipa based on red hat 7.3 
> It is possible to determine if a certain user (idm user who can become root 
> via sudo) is logged in on multiple idm machines 
> and restrict for the user that only *one* login on a single server at the 
> same time is allowed ?
> Any hints how to do this - or - is there something „built-in“ ?

not possible in freeIPA and not something we'd likely implement.

However it should be relatively simple to build a pam service that
enforces that by contacting a custom service.

The devil is in the "denial of service" details, you need to build
something very robust that does not completely disrupt your environment
and allows for nuanced exceptions.


Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to