Re: How to restrict the simultaneous login

Praveen Kumar writes:
> I am using the LDAP server for authentication and to log into a machine.
> Now I want the user not to be allowed to log into any machine if already
> logged into one machine using that LDAP server for the login and
> authentication.
> This means that there should not be any simultaneous login for the same
> user. Is this possible using LDAP or not?

Not by itself.  The machine uses LDAP simply to check if the username
and password are correct, and perhaps get his account info.  That done,
it likely terminates that LDAP session though the user stays logged in
on the machine.  Nothing informs the LDAP server when the user logs out
from the machine, so the LDAP server doesn't know when to start
accepting logins for that user on that machine again.

So you need to solve this on the machine the user logs in on.

Though I suppose it might be possible to use a Single Sign-On service in
reverse somehow on your network.  SSO - like Kerberos which LDAP
supports via SASL - lets you login just once on your network and then
logins elsewhere make use of tickets from the first login instead of
asking for a certificate again.