freebsd stable - Nov 2003 - help with login.conf session limiting

Hey folks,

I wonder if any of you have ever tried to restrict the # of simultaneous
sessions on a FreeBSD box using login.conf. I'm trying to use the
'sessionlimit' but it appears to be doing diddly squat. The class in
question is the following "subshell" one:

subshell:Shell Subscriber Accounts:\
        :tc=subscriber:

subscriber|Subscribers:\
        :accounted:\
        :refreshtime=180d:\
        :refreshperiod@:\
        :sessionlimit=2:\
        :autodelete=30d:\
        :expireperiod=180d:\
        :graceexpire=7d:\
        :gracetime=10m:\
        :warnexpire=7d:\
        :warnpassword=7d:\
        :idletime=30m:\
        :tc=standard:

Unfortunately, users appear to be able to log in more than twice. Any
ideas?

I Googled and searched the FreeBSD mailing lists at MARC, to no avail --
half the people claim that it doesn't work, and someone has offered up a
hack shell script to be executed upon user signon, but I would be
surprised if it has gone this long without working.

- Julian

-- 
[    Julian C. Dunn <jdunn@aquezada.com> * <julian@dreaming.org>    
]
[   WWW: www.aquezada.com/staff/julian/ * www.dreaming.org/~julian/   ]
[ PGP: 0xFDC205B9 - 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]
[      "sometimes you win, sometimes you lose / and most times        ]
[     you choose between the two" - carole king, "sweet seasons" 
]

On Friday 28 November 2003 04:47 am, Julian C. Dunn
wrote:
> I wonder if any of you have ever tried to restrict the # of simultaneous
> sessions on a FreeBSD box using login.conf. I'm trying to use the
> 'sessionlimit' but it appears to be doing diddly squat. The class
in
> question is the following "subshell" one:
login.conf is only used by login(1), not by sshd.
Try setting UseLogin in /etc/ssh/sshd_config
if you want sshd to use login, and therefore these
settings. Beware: this is NOT recommended.
> - Julian
-- 
Farid Hajji. http://www.farid-hajji.net/address.html