Simultaneous login restriction is not, per-se, difficult to do in a dynamic
IP environment.
It does, however, require careful planning and implementation on the server
level. It is also absolutely dependant on two things, not all of which
Livingston currently provides:
1) 100% reliable accounting information (ie: Start and Stop records are
ALWAYS delivered). This does work well enough to be functional. We
haven't seen trouble here for non-MCPPP calls, and with 3.7.2, it
appears that MCPPP calls are fixed as well.
2) ABSOLUTE notification when a box is powered on or restarted.
Livingston sends a Radius accounting log entry on a crash or
console restart, but NOT for a cold power-up. You MUST have
this to remove all entries in the table for a given system on a
reset.
Given these two things you can implement in the daemon a "no multiple login"
restriction, or an "N" multiple login restriction.
The key is that you *must* be able to determine if someone is signed on with
certainty if you're going to implement this, and if you're going to be
wrong, you want to be wrong on the "not logged in" side of the equation -
otherwise you deny access improperly.
---- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | NEW! K56Flex modem support is now available Voice: [+1 312 803-MCS1 x219]| 56kbps DIGITAL ISDN DOV on analog lines! Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message.