On Fri, 2006-04-21 at 08:44 +0200, Ariën Huisken wrote: > >> >> Is it possible (and how) to prevent users to log in more than once with > >> >> the same username on the console through telnet? > >> > > >> > Do you want to limit logins on the console or logins via telnet? > >> > > >> > You shouldn't be using, much less mentioning, telnet for logins anyway. > >> > Only use ssh. > >> > >> That's not the issue here, I agree, > > > > How you limit logins on the console and how you limit remote logins can > > be handled in different ways. Limiting console logins is pretty useless > > in my opinion, because if someone has physical access, console login > > limits are the least of your worries. > > Have you ever thought my question had nothing to do with security but > the application that is running for the users? Instead of mentioning to > use ssh it can be wise to ask why soneone wants to use telnet.
I'm not questioning the use of telnet, I'm questioning the use of telnetd to access a trustix machine. You asked about limiting logins via telnet, which implies use of telnetd, which is the server component that would in some way enforce the limits. > No, no, no there are many situations one has to use telnet, only > perhaps not in your world. In this case it are servers controlled by > consoles attached to industrial machines and trucks of a big plant. > Security is managed on a other level and simply changing dozens of > consoles on machines that cost $100K+ is not really an option. But you didn't ask about how to limit access via telnet to "servers controlled by consoles attached to industrial machines and trucks of a big plant", you asked, on a trustix mailing list, how to limit access via telnet, so it seems you want to limit access via telnet to a trustix machine (and the former would be an odd question to ask on a trustix mailing list anyway). Presumably, these "industrial machines" have some kind of admin interface that is controlled via telnet -- that's fine, and unrelated to logging into the trustix machine. For logging into a trustix machine, you should be using ssh -- and not just for security, but because ssh has tremendously better terminal support. > So, can I prevent users from loggin in twice with the same username and how? On the console... since the console can only physically be used by one person at a time, you could just comment out all but one of the getty lines in /etc/inittab, then only one session CAN be logged in to the console at a time. -- Andy Bakun <[EMAIL PROTECTED]> _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
