Re: [OpenAFS] Multiple logins
On Sat, Mar 19, 2011 at 1:23 PM, Jaap Winius jwin...@umrk.nl wrote: Quoting Dirk Heinrichs dirk.heinri...@altum.de: ... Is it possible to prevent users from logging in more than once ... No, you can't. ... Couldn't you potentially write a PAM module to do exactly that? At the top of the session stack, have it store the status of the user's session in LDAP somewhere (or potentially in some other database, and then on logout, remove the Joe has an active session flag. Then, upon a second or subsequent attempt at login, the PAM module could kick the user out? I don't know the logistics of doing so, unfortunately; potentially Russ could give a better hand-wave solution? -Coy ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Multiple logins
On 03/20/2011 08:19 AM, Coy Hile wrote: On Sat, Mar 19, 2011 at 1:23 PM, Jaap Winiusjwin...@umrk.nl wrote: Quoting Dirk Heinrichsdirk.heinri...@altum.de: ... Is it possible to prevent users from logging in more than once ... No, you can't. ... Couldn't you potentially write a PAM module to do exactly that? At the top of the session stack, have it store the status of the user's session in LDAP somewhere (or potentially in some other database, and then on logout, remove the Joe has an active session flag. Then, upon a second or subsequent attempt at login, the PAM module could kick the user out? I don't know the logistics of doing so, unfortunately; potentially Russ could give a better hand-wave solution? Is this enforcing a policy decision or just preventing technical problems caused by multiple logins? I'm wondering because we us gnome on RHEL5 with AFS home directories and multiple logins on different machines haven't been an issue, but trying to login to gnome multiple times on the same machine does cause error messages. Jason ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Multiple logins
Quoting Jason Edgecombe ja...@rampaginggeek.com: Is this enforcing a policy decision or just preventing technical problems caused by multiple logins? For my site it is strictly to prevent technical problems. I'm wondering because we us gnome on RHEL5 with AFS home directories and multiple logins on different machines haven't been an issue, but trying to login to gnome multiple times on the same machine does cause error messages. Interesting. Since Xfce is based on the GTK+ v2 toolkit (the same as GNOME), it may not suffer the problems that I anticipate. I'll run some tests later on when I have to opportunity and report the results. Cheers, Jaap ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Multiple logins
Am 18.03.2011 22:54, schrieb Jaap Winius: My site uses OpenAFS and MIT Kerberos with OpenLDAP for user meta data (all running on Debian squeeze). Is it possible to prevent users from logging in more than once, or at least to prevent them from starting up the same desktop environment on multiple hosts with the same account, since this usually leads to problems? No, you can't. Which desktop env. is it that makes problems? Maybe using another one is an option. OTOH, why can they start it up on the other host at all? There's no need to install one in the first place since users can login using ssh with X11 forwarding and their windows will popup on their local X server display. And then there's VNC. HTH... Dirk ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Multiple logins
Quoting Dirk Heinrichs dirk.heinri...@altum.de: ... Is it possible to prevent users from logging in more than once ... No, you can't. ... Thought so. A workaround may be to install different desktop environments and applications on some hosts. Which desktop env. is it that makes problems? KDE, although I don't plan to use it at the site; it's too slow over the 2.5Mbps WAN links. Maybe using another one is an option. The current plan is to use Xfce, although I assume that I will see many of the same problems as with KDE (most of the apps will be the same). OTOH, why can they start it up on the other host at all? There's no need to install one in the first place since users can login using ssh with X11 forwarding and their windows will popup on their local X server display. Unfortunately, the staff aren't that knowledgeable and it must be possible to use the other workstations independently anyway. It's just that sometimes one of the buildings is understaffed and personnel find it very convenient to simultaneously login to hosts on different floors. Cheers, Jaap ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
