Bug 1636256

Summary: [RFE] - limit the number of simultaneous logon sessions per user on RHVM
Product: Red Hat Enterprise Virtualization Manager Reporter: Brian Smith <briasmit>
Component: ovirt-engineAssignee: Dana <delfassy>
Status: CLOSED ERRATA QA Contact: Lucie Leistnerova <lleistne>
Severity: low Docs Contact:
Priority: low    
Version: 4.1.10CC: dfediuck, lsvaty, mgoldboi, mihood, mperina, Rhev-m-bugs, sborella
Target Milestone: ovirt-4.3.0Keywords: FutureFeature
Target Release: ---Flags: lsvaty: testing_plan_complete-
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-4.3.0_rc Doc Type: Enhancement
Doc Text:
In previous versions, it was not possible to limit the number of simultaneous sessions for each user, so active sessions could significantly grow up until they expired. Now, Red Hat Virtualization Manager 4.3 introduces the ENGINE_MAX_USER_SESSIONS option, which can limit simultaneous sessions per user. The default value is -1 and allows unlimited sessions per user. To limit the number of simultaneous sessions per user, create the 99-limit-user-sessions.conf file in /etc/ovirt-engine/engine.conf.d and add ENGINE_MAX_USER_SESSIONS=NNN, where NNN is the maximum number of allowed simultaneous sessions per user. Save and restart using: systemctl restart ovirt-engine.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-08 12:38:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Brian Smith 2018-10-04 21:01:03 UTC
Description of problem:
Customer security requirements require that the number of simultaneous logon sessions per user on RHVM be configurable.  For example, once a user has 3 active login sessions, they should not be able to open a 4th session.   See also:  https://access.redhat.com/solutions/3184331


Version-Release number of selected component (if applicable):
RHVM 4.1.10


How reproducible:
Every time


Steps to Reproduce:
1. Need to limit users to 3 simultaneous login sessions per user.


Actual results:
No option to configure this.


Expected results:
Configurable option to limit simultaneous login sessions per user.


Additional info:
See also:  https://access.redhat.com/solutions/3184331

Comment 3 Lucie Leistnerova 2019-02-12 10:07:57 UTC
Setting ENGINE_MAX_USER_SESSIONS=X in /etc/ovirt-engine/engine.conf.d/99-max-user-sessions.conf has limited the sessions.
Engine returned appropriate error on www for internal and also other ldap user exceeding the limit.
Api returned only Unauthorized, I've created new BZ 1676443 to get also appropriate error.

verified in ovirt-engine-4.3.0.4-0.1.el7.noarch

Comment 5 errata-xmlrpc 2019-05-08 12:38:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:1085