[4594] in Kerberos
Re: Kerberos Login/Authorizations
daemon@ATHENA.MIT.EDU (Randall S. Winchester)
Fri Feb 10 12:23:29 1995
Date: Fri, 10 Feb 1995 12:04:46 -0500 (EST)
From: "Randall S. Winchester" <rsw@Glue.umd.edu>
To: Michael Crisp <michaelc@ramnet.net>
Cc: kerberos@MIT.EDU
In-Reply-To: <3hfop6$jnc@ram.ramnet.net>
On 10 Feb 1995, Michael Crisp wrote:
> Is there any way to limit how many logins or authorizations Kerberos will allow for a
> single user? I am using Kerberos 4 and would like to limit users to a single session
> by denying tickets to a user who already has an authorized session. Thanks for any
> help you can give me.
Kerberos deals with authentication not authorization, but you should be able
to had that sort of checking to a kerberos login.c with out to much effort.
I add "authorization" code to all my rcmds, however I have not done any
single instance checking. It depends how robust you wanted to get, but
looking through utmp would be a first stab, if your rcmds all update your
utmp file. Check your rexecd, rshd and such if you have them enabled.
If you look for a Kerberos ticket file, the user can just kdestroy;
login again; kinit.
Also with things like X and screens, once in I can open a whole lot of
sessions, but this may not be what you are trying to guard against.
Randall
>
>
> Michael Crisp
> michaelc@ramnet.net
> RAMNet Internet Access
> (304)523-1726 ext. 204
>
