Limit user login to only one time ever
Christian Patterson
I have a customer who needs to limit some of their FTP/SCP users to
one login, this is not concurrent logins. I've been looking for a PAM
module to do this, and can't seem to find one yet.
Account expiration times are no good as they are servicing a global
user base. One time passwords are also no good.
I am looking for something that might be able to do this on a group
level.
I don't expect I'll find what I'm looking for, and imagine that only
one simultaneous used ID login with a periodic cron job to clean up
ID's, will be the answer.
I appreciate any and all thought or comments.
Thank you
James Knott
If it were telnet logins, it would be a simple matter, to write a couple of
lines in bashrc etc., to disable the password. I'm not sure if something
similar can be done with ftp.
--
All the facts above are true, except for the ones I made up.
To reply to this message, replace everything to the left of "@" with
james.knott.
Christian Patterson
> Christian Patterson wrote:
>
> > hank you for the help.
> >
> > I have a customer who needs to limit some of their FTP/SCP users to
> > one login, this is not concurrent logins. I've been looking for a PAM
> > module to do this, and can't seem to find one yet.
> >
> > Account expiration times are no good as they are servicing a global
> > user base. One time passwords are also no good.
> >
> > I am looking for something that might be able to do this on a group
> > level.
> >
> > I don't expect I'll find what I'm looking for, and imagine that only
> > one simultaneous used ID login with a periodic cron job to clean up
> > ID's, will be the answer.
> >
> > I appreciate any and all thought or comments.
>
> If it were telnet logins, it would be a simple matter, to write a couple of
> lines in bashrc etc., to disable the password. I'm not sure if something
> similar can be done with ftp.
Yeah, seems like there should be a way to do it though. Thank you.
Christian