Re: Limit number of login sessions

Maximo Pech schrieb:
>> would you not be better to use ALTQ to limit the bandwidth available
>> to each user?  then if they share their password their only sharing
>> their own use?
>
>
> Users are not in my local network. They will connect from the internet and
> they have dynamic IPs so I guess that wouldn't work because altq can limit
> bandwidth based on IP address, not on user names.

from pf.conf(5):

user <user>
This rule only applies to packets of sockets owned by the specified
user.  For outgoing connections initiated from the firewall, this is the
user that opened the connection.  For incoming connections to the
firewall itself, this is the user that listens on the destination port.
  For forwarded connections, where the firewall is not a connection
endpoint, the user and group are unknown.

don't know if that could be useful for your purpose, but it sounds a
nice feature. you should be able assign the queues based on the user.

regards,
julian

>
>
>>
>> if not then i'd suggest you create a BSD auth module for processing
>> the login sessions and add a 'login-max' capability.
>>
>
> What kind of module? a kernel module?