HPE Community
Operating System - HP-UX
1833007 Members
2342 Online
110048 Solutions
New Discussion

How to fix the max no of login session of particular user

 
SOLVED
Go to solution
Kuntal Gupta
Frequent Advisor

‎11-09-2010 04:50 AM

‎11-09-2010 04:50 AM

How to fix the max no of login session of particular user

Hi experts,

HP-UX 11.31,

nstrtel is 1000.

How to fix the max no of allowed telnet session for following user with the given value?

root=5

user1=250

user2=450

user3=295

regards...

Kuntal
0 Kudos
Reply
10 REPLIES 10
vishnu.khandare
Respected Contributor

‎11-09-2010 05:11 AM

‎11-09-2010 05:11 AM

Re: How to fix the max no of login session of particular user

Hi Kuntal,

Check the below kernel tunables and you may need to increase as per your requirement
#kctune

npty
nstrpty
nstrtel

The default values for these tunable in v3 is 60
As these tunables are static ,You nee to reboot the server for change to take effect.
recommended value of this parameter be set to 512.

Refer below thread

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1344064

Hope this solves ur issue
Dont forget to assign points.

Regards
Vishnu Khandare
You should deserve before U desire!!!!
0 Kudos
Reply
Kuntal Gupta
Frequent Advisor

‎11-09-2010 05:26 AM

‎11-09-2010 05:26 AM

Re: How to fix the max no of login session of particular user

Thanks Mr Vishnu,

I think I didn't put my quarry properly. Let me explain once again.

Im my system, max 1000 users can login, but there is no restriction of the upper limit of opening telnet session for a particular user. I want to freeze the max telnet session for a particular user.

Say, now total user login is 780, and any user can open a fresh telnet session. But i want to set a value for a prticular user.If user1 has already opened 250 sessions, he can not open any more though till 220 (1000-780) sessions can be opened.

I hope it will help you understanding my quarry.

regards...

Kuntal
0 Kudos
Reply
vishnu.khandare
Respected Contributor

‎11-09-2010 05:33 AM

‎11-09-2010 05:33 AM

Re: How to fix the max no of login session of particular user

Hi Kuntal,

I dont thing so we can restrict perticular user sessions logins in HP Unix to perticular no.

Regards
Vishnu Khandare
You should deserve before U desire!!!!
0 Kudos
Reply
Doug O'Leary
Honored Contributor

‎11-09-2010 05:39 AM

‎11-09-2010 05:39 AM

Re: How to fix the max no of login session of particular user

Hey;

>>I dont thing so we can restrict perticular user sessions logins in HP Unix to perticular no.

yes, you can - particularly with HPUX 11.31

man security

It outlines the parameters and values that can be applied in /etc/default/security. Pay particular attention to NUMBER_OF_LOGINS_ALLOWED.

If, for whatever reason that doesn't work, an if/then in /etc/profile should do the trick:

if [ ${LOGNAME} != "root" ]
then
n=$(w | grep -i ${LOGNAME} | wc -l)
if [ ${n} -gt ${max} ]]
then
echo "how many windows can you possibly type in at the same time???"
exit
fi
fi

NOTE: That's *completely* untested... to be used as an example only.

Hope that helps.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Reply
Kuntal Gupta
Frequent Advisor

‎11-09-2010 05:47 AM

‎11-09-2010 05:47 AM

Re: How to fix the max no of login session of particular user

Thanks a lot Mr Doug O'Leary,

I will definitely try will get back to all of you (tomorrow).

regards...

Kuntal
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎11-09-2010 06:20 AM

‎11-09-2010 06:20 AM

Re: How to fix the max no of login session of particular user

>>It outlines the parameters and values that can be applied in /etc/default/security. Pay particular attention to NUMBER_OF_LOGINS_ALLOWED.

Yes, that will give you **SOME** control, but it will NOT allow you do 250 for user1, 450 for user2 and it does not apply to root at all.

0 Kudos
Reply
Doug O'Leary
Honored Contributor

‎11-09-2010 06:29 AM

‎11-09-2010 06:29 AM

Re: How to fix the max no of login session of particular user

Hey;

You are quite correct; however, there's also a reference in that same section of the man page to an entry that can be made to the userdb. "man userdb" shows the parameter to be the same NUMBER_OF_LOGINS_ALLOWED.

Should that prove untenable, the per user limit could be easily added in the logic in /etc/profile and with the use of an external data table

user1:250
user2:450

etc.

The point I was making is limiting the number of simultaneous logins *can* be done ... several different ways.

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
Patrick Wallek
Honored Contributor

‎11-09-2010 06:33 AM

‎11-09-2010 06:33 AM

Re: How to fix the max no of login session of particular user

Hi Doug,

That is good to know. I was looking at the 11.23 security man page as I don't have 11.31.

Thanks for the additional info!
0 Kudos
Reply
Ismail Azad
Esteemed Contributor

‎11-09-2010 10:37 AM

‎11-09-2010 10:37 AM

Solution

Re: How to fix the max no of login session of particular user

Kuntal,

In HPUX 11iv3 operating system, we don't convert the system to trusted system anymore and use SMSE for which we have commands like userdbget, userbdset and userdbck which takes the attributes of a file called as /etc/security.dsc and per user account you will be able to configure the number of logins allowed. The biggest advantage of this in HPUX 11iv3 is that I can also configure users who are associated with NIS and LDAP and have all the advantages of a trusted system as well,

Regards
Read, read and read... Then read again until you read "between the lines".....
Reply
Kuntal Gupta
Frequent Advisor

‎11-09-2010 09:39 PM

‎11-09-2010 09:39 PM

Re: How to fix the max no of login session of particular user

THANKS a lot Mr Ismail Azad, it worked.

#/usr/sbin/userdbset -u NUMBER_OF_LOGINS_ALLOWED=x

#userdbget -u --- TO CONFIRM


Thanks once again....

Kuntal
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.