Previous Topic: Defining Time and Day Login RulesNext Topic: Limiting Concurrent Logins for a User


Disabling Concurrent Logins

Most UNIX‑based operating systems allow concurrent logins. But if a user is permitted to log in from more than one terminal, there is a danger that while the user is logged in, other users can log in from elsewhere and masquerade as that user.

After you log in, CA ControlMinder allows you to disable your own concurrent login permission so that no one else can log in as you from another terminal. However, you can still log in repeatedly from the particular terminal that you are using. Use the secons command with the following switches:

# secons -d- 	(disables concurrent login)
# secons -d+ 	(enables concurrent login)

Any user can issue the ‑d option. (All other options are only allowed for users with the ADMIN or OPERATOR attribute). Users who want to disable concurrent logins can use this command in their initial scripts. Although they are then able to open as many windows as they want, they cannot log in from a second terminal.

Note: If you use the secons ‑d‑ command to prevent concurrent logins, you must remember to use secons ‑d+ before logging out, to avoid being locked out of the system. If you forget to reinstate concurrent logins and try to log in again, CA ControlMinder allows you to log in provided no process with the same user ID is running.