1636256 – [RFE] - limit the number of simultaneous logon sessions per user on RHVM

Bug 1636256 - [RFE] - limit the number of simultaneous logon sessions per user on RHVM

Summary: [RFE] - limit the number of simultaneous logon sessions per user on RHVM

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine
Sub Component:
Version:	4.1.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	ovirt-4.3.0
Target Release:	---
Assignee:	Dana
QA Contact:	Lucie Leistnerova
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-10-04 21:01 UTC by Brian Smith
Modified:	2020-08-03 15:34 UTC (History)
CC List:	7 users (show)
Fixed In Version:	ovirt-engine-4.3.0_rc
Doc Type:	Enhancement
Doc Text:	In previous versions, it was not possible to limit the number of simultaneous sessions for each user, so active sessions could significantly grow up until they expired. Now, Red Hat Virtualization Manager 4.3 introduces the ENGINE_MAX_USER_SESSIONS option, which can limit simultaneous sessions per user. The default value is -1 and allows unlimited sessions per user. To limit the number of simultaneous sessions per user, create the 99-limit-user-sessions.conf file in /etc/ovirt-engine/engine.conf.d and add ENGINE_MAX_USER_SESSIONS=NNN, where NNN is the maximum number of allowed simultaneous sessions per user. Save and restart using: systemctl restart ovirt-engine.
Clone Of:
Environment:
Last Closed:	2019-05-08 12:38:40 UTC
oVirt Team:	Infra
Target Upstream Version:
Flags:	lsvaty: testing_plan_complete-

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2019:1085	None	None	None	2019-05-08 12:38:53 UTC
oVirt gerrit	95103	master	MERGED	aaa: Limit the number of open sessions per user	2020-01-30 11:46:25 UTC
oVirt gerrit	95249	None	MERGED	aaa: Return proper login failed error message	2020-01-30 11:46:25 UTC

Description Brian Smith 2018-10-04 21:01:03 UTC

Description of problem:
Customer security requirements require that the number of simultaneous logon sessions per user on RHVM be configurable.  For example, once a user has 3 active login sessions, they should not be able to open a 4th session.   See also:  https://access.redhat.com/solutions/3184331


Version-Release number of selected component (if applicable):
RHVM 4.1.10


How reproducible:
Every time


Steps to Reproduce:
1. Need to limit users to 3 simultaneous login sessions per user.


Actual results:
No option to configure this.


Expected results:
Configurable option to limit simultaneous login sessions per user.


Additional info:
See also:  https://access.redhat.com/solutions/3184331

Comment 3 Lucie Leistnerova 2019-02-12 10:07:57 UTC

Setting ENGINE_MAX_USER_SESSIONS=X in /etc/ovirt-engine/engine.conf.d/99-max-user-sessions.conf has limited the sessions.
Engine returned appropriate error on www for internal and also other ldap user exceeding the limit.
Api returned only Unauthorized, I've created new BZ 1676443 to get also appropriate error.

verified in ovirt-engine-4.3.0.4-0.1.el7.noarch

Comment 5 errata-xmlrpc 2019-05-08 12:38:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:1085

Note You need to log in before you can comment on or make changes to this bug.