When multiple users with the same source IP want access through the firewall,
authpf grants access to the newly authenticating user and kicks off the
previous user.  Is there a way to turn off this behaviour so both users
maintain authpf tables?

Works:
1a. [EMAIL PROTECTED] -> authpf -> maintains logon
1b. [EMAIL PROTECTED] -> authpf -> logs on

Doesn't Work:
2a. [EMAIL PROTECTED] -> authpf -> gets kicked off
2b. [EMAIL PROTECTED] -> authpf -> logs on 


Real-life example:

Step #1 xuser authenticates from IP_1; xuser has access to firewall
firewall# pfctl -s Anchors -v
 authpf
 authpf/bfisher(25933)
 authpf/xuser(1308)
 authpf/rarthur(15647)
 authpf/schatterjee(31961)

Step #2 cyoub authenticates from IP_2; both xuser and cyoub have access to
firewall
firewall# pfctl -s Anchors -v
 authpf
 authpf/bfisher(25933)
 authpf/cyoub(2104)
 authpf/xuser(1308)
 authpf/rarthur(15647)
 authpf/schatterjee(31961)

Step #3 cyoub authenticates from IP_1; ONLY cyoub has access to firewall as
he was the last to log in.  xuser is kicked off???
firewall# pfctl -s Anchors -v
 authpf
 authpf/bfisher(25933)
 authpf/cyoub(27921)
 authpf/rarthur(15647)
 authpf/schatterjee(31961)

firewall# pfctl -a "authpf/cyoub(27921)" -s rules
pass in quick on bge0 inet from 10.0.1.47 to 172.16.0.0/22 flags S/SA keep state
pass in quick on bge0 inet from 10.0.1.47 to 172.16.4.0/22 flags S/SA keep state
pass in quick on bge0 inet from 10.0.1.47 to 172.16.8.0/22 flags S/SA keep state
pass in quick on bge0 inet from 10.0.1.47 to 172.16.12.0/22 flags S/SA keep state
pass in quick on bge0 inet from 10.0.1.47 to 172.16.20.0/22 flags S/SA keep state
pass in quick on bge0 inet from 10.0.1.47 to 172.16.20.0/22 flags S/SA keep state
pass in quick on bge0 inet from 10.0.1.47 to 172.16.80.0/22 flags S/SA keep state
pass in quick on bge0 inet from 10.0.1.47 to 172.16.48.0/22 flags S/SA keep state
pass in quick on bge0 inet from 10.0.1.47 to 172.16.4.0/22 flags S/SA keep state
pass in quick on bge0 inet from 10.0.1.47 to 172.16.28.0/22 flags S/SA keep state
-- 
View this message in context: 
http://www.nabble.com/authpf-allows-only-one-user-from-the-same-source-ip--kicks-off-previous-user-tf3978999.html#a11295667
Sent from the openbsd user - misc mailing list archive at Nabble.com.
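
An operator who wants to notice the displacement shown in Step #2 and Step #3 can compare two `pfctl -s Anchors -v` listings. The script below is an added example, not part of the original post or of authpf; the function names `sessions` and `anchor_diff` are hypothetical, and the two listings are copied from the post.

```sh
#!/bin/sh
# Added example: classify authpf session changes between two
# `pfctl -s Anchors -v` listings (hypothetical helper names).

# Listings copied from Step #2 and Step #3 of the post.
STEP2=' authpf
 authpf/bfisher(25933)
 authpf/cyoub(2104)
 authpf/xuser(1308)
 authpf/rarthur(15647)
 authpf/schatterjee(31961)'
STEP3=' authpf
 authpf/bfisher(25933)
 authpf/cyoub(27921)
 authpf/rarthur(15647)
 authpf/schatterjee(31961)'

# stdin: anchor listing; stdout: sorted "user pid" lines, one per
# authpf/user(pid) anchor. The bare "authpf" parent line is skipped.
sessions() {
    sed -n 's|^[[:space:]]*authpf/\([^()]*\)(\([0-9][0-9]*\))[[:space:]]*$|\1 \2|p' | sort
}

# anchor_diff BEFORE AFTER
#   evicted user pid...       user had anchors before, none after
#   reauth  user old -> new   user still present, but under different pid(s)
#   new     user pid...       user appears only in the later listing
anchor_diff() {
    { printf '%s\n' "$1" | sessions | sed 's/^/B /'
      printf '%s\n' "$2" | sessions | sed 's/^/A /'; } |
    awk '
        $1 == "B" { before[$2] = before[$2] " " $3 }
        $1 == "A" { after[$2]  = after[$2]  " " $3 }
        END {
            for (u in before) {
                if (!(u in after)) print "evicted " u before[u]
                else if (before[u] != after[u]) print "reauth " u before[u] " ->" after[u]
            }
            for (u in after) if (!(u in before)) print "new " u after[u]
        }' | sort
}

anchor_diff "$STEP2" "$STEP3"
```

Run against live output by saving one listing, waiting, and passing both as arguments; an `evicted` line appearing together with a `reauth` or `new` line is the pattern the post describes.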
