HPE Community
Operating System - HP-UX
1833777 Members
1837 Online
110063 Solutions
New Discussion

Re: MAX_LOGIN_SESSIONS

 
Rick Garland
Honored Contributor

‎01-13-2005 03:31 AM

‎01-13-2005 03:31 AM

MAX_LOGIN_SESSIONS

Here is another one. What do you folks typically use for the MAX_LOGIN_SESSIONS?

0 Kudos
11 REPLIES 11
Florian Heigl (new acc)
Honored Contributor

‎01-13-2005 03:41 AM

‎01-13-2005 03:41 AM

Re: MAX_LOGIN_SESSIONS

Hi,

/etc/default/security is 'default' as in 'not there', so I think that kernel parameter should apply...
11.11:
Parameter Current Dyn Planned Module Version
===============================================================================
maxusers 512 - 512
11.00:
Parameter Value
===============================================================================
maxusers 512

(after *bad* experiences ;)

I hope this is what You wanted to know :)
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Rick Garland
Honored Contributor

‎01-13-2005 03:43 AM

‎01-13-2005 03:43 AM

Re: MAX_LOGIN_SESSIONS

I looking for consensus. What are most of the SYS ADMINS setting this parameter to?

0 Kudos
Fred Ruffet
Honored Contributor

‎01-13-2005 03:52 AM

‎01-13-2005 03:52 AM

Re: MAX_LOGIN_SESSIONS

Where do you set this ?

Fred
--

"Reality is just a point of view." (P. K. D.)
0 Kudos
Rick Garland
Honored Contributor

‎01-13-2005 04:24 AM

‎01-13-2005 04:24 AM

Re: MAX_LOGIN_SESSIONS

I am on HPUX 11.11.

In the /etc/default/security file.

I believe this is in 11.00 as well.

0 Kudos
Fred Ruffet
Honored Contributor

‎01-13-2005 04:32 AM

‎01-13-2005 04:32 AM

Re: MAX_LOGIN_SESSIONS

I don't have /etc/default/security...

maxusers is set to 512 on most systems, but one has 32, the other 2000... I can't give a universal rule.
Note that maxusers is only used in calculation rules for other parameters, it won't stop connections. If you change formulas, it won't be usefull at all.

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
0 Kudos
Sanjay_6
Honored Contributor

‎01-13-2005 04:42 AM

‎01-13-2005 04:42 AM

Re: MAX_LOGIN_SESSIONS

Hi Rick,

Are you talking about the "NUMBER_OF_LOGINS_ALLOWED" parameter in the /etc/default/security file.

I think "2" should be a good number unless the account is shared between multiple users. Do remeber that this restriction does not apply to root (i think).

Hope this helps.

Regds
0 Kudos
Rick Garland
Honored Contributor

‎01-13-2005 04:44 AM

‎01-13-2005 04:44 AM

Re: MAX_LOGIN_SESSIONS

Yes, I am referring to the maximum number of login sessions a user can open.

Right now the /etc/default/security file does not have this parameter set. I would like to setit.

I do have the SU_ROOT_GROUP in the security file.
0 Kudos
Sanjay_6
Honored Contributor

‎01-13-2005 05:14 AM

‎01-13-2005 05:14 AM

Re: MAX_LOGIN_SESSIONS

Hi Rick,

do remeber that ftp does not look at /etc/default/security file and hence this option would be ignored for users doing ftp to this system. Also i think there are enhancement requests out there for ssh/rexecd to use this paramerer unless they have been resolved already.

What i meant by saying that the parameter is not applicable to root is that, say this parameter is set to "2", root can have more than 2 login sessions. The parameter is only applicable to normal users.

Hope this helps.

Regds
0 Kudos
Rick Garland
Honored Contributor

‎01-13-2005 05:21 AM

‎01-13-2005 05:21 AM

Re: MAX_LOGIN_SESSIONS

Correct - ftp does not look at this parameter.
You would limit ftp logins through the ftp access files (I believe that is correct).

With the root user I am not too worried about.

I am not completely sure but there is a configuration in the sshd_configuration file that has a value for MaxStartups. I wounder if this value was manipulated you could limit the number of ssh logins?

0 Kudos
Sanjay_6
Honored Contributor

‎01-13-2005 05:49 AM

‎01-13-2005 05:49 AM

Re: MAX_LOGIN_SESSIONS

Hi Rick,

I was checking on "Maxstartups" and i found that

/Quote/

MaxStartups does not mean the total number of connections, only the total number of unauthorizated ones.

/EndQuote/

that means the system will have that many numbers of open connections that have not been validated yet. That many number of people trying to login who haven't been authenticated yet.

Hope this helps.

regds
0 Kudos
Rick Garland
Honored Contributor

‎01-13-2005 09:10 AM

‎01-13-2005 09:10 AM

Re: MAX_LOGIN_SESSIONS

Many thanks - this post is confusing and it is my fault.

Thanks again
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.