Bug 1636256 - [RFE] - limit the number of simultaneous logon sessions per user on RHVM
Summary: [RFE] - limit the number of simultaneous logon sessions per user on RHVM
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.1.10
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: ovirt-4.3.0
Assignee: Dana
QA Contact: Lucie Leistnerova
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-10-04 21:01 UTC by Brian Smith
Modified: 2020-08-03 15:34 UTC

Fixed In Version: ovirt-engine-4.3.0_rc
Doc Type: Enhancement
Doc Text:
In previous versions, it was not possible to limit the number of simultaneous sessions for each user, so the number of active sessions could grow significantly until they expired. Red Hat Virtualization Manager 4.3 introduces the ENGINE_MAX_USER_SESSIONS option, which can limit simultaneous sessions per user. The default value is -1, which allows unlimited sessions per user. To limit the number of simultaneous sessions per user, create the 99-limit-user-sessions.conf file in /etc/ovirt-engine/engine.conf.d and add ENGINE_MAX_USER_SESSIONS=NNN, where NNN is the maximum number of allowed simultaneous sessions per user. Save the file and restart the engine using: systemctl restart ovirt-engine.
Clone Of:
Environment:
Last Closed: 2019-05-08 12:38:40 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:
lsvaty: testing_plan_complete-



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHEA-2019:1085 | 0 | None | None | None | 2019-05-08 12:38:53 UTC
oVirt gerrit | 95103 | 0 | master | MERGED | aaa: Limit the number of open sessions per user | 2020-01-30 11:46:25 UTC
oVirt gerrit | 95249 | 0 | None | MERGED | aaa: Return proper login failed error message | 2020-01-30 11:46:25 UTC

Description Brian Smith 2018-10-04 21:01:03 UTC
Description of problem:
Customer security requirements require that the number of simultaneous logon sessions per user on RHVM be configurable.  For example, once a user has 3 active login sessions, they should not be able to open a 4th session.   See also:  https://access.redhat.com/solutions/3184331


Version-Release number of selected component (if applicable):
RHVM 4.1.10


How reproducible:
Every time


Steps to Reproduce:
1. Need to limit users to 3 simultaneous login sessions per user.


Actual results:
No option to configure this.


Expected results:
Configurable option to limit simultaneous login sessions per user.


Additional info:
See also:  https://access.redhat.com/solutions/3184331

Comment 3 Lucie Leistnerova 2019-02-12 10:07:57 UTC
Setting ENGINE_MAX_USER_SESSIONS=X in /etc/ovirt-engine/engine.conf.d/99-max-user-sessions.conf has limited the sessions.
Engine returned an appropriate error on www for internal and also other LDAP users exceeding the limit.
The API returned only Unauthorized; I've created new BZ 1676443 to also get an appropriate error.

verified in ovirt-engine-4.3.0.4-0.1.el7.noarch
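
A check that can be run after the procedure in the Doc Text and Comment 3, as an added example that is not part of the bug report or the oVirt code: it reports the effective ENGINE_MAX_USER_SESSIONS across all drop-ins in engine.conf.d, since the two use different file names. It assumes the drop-ins are plain KEY=VALUE files applied in lexical order with the last assignment winning; the function names and the pass criterion (a limit between 1 and the required maximum) are choices made for this example.

```shell
#!/bin/sh
# Added example: audit the effective ENGINE_MAX_USER_SESSIONS value.
# Assumption: *.conf drop-ins are KEY=VALUE files read in lexical order,
# and the last assignment wins.

# effective_max_sessions DIR -> prints the effective value (-1 if never set)
effective_max_sessions() {
    dir=$1
    value=-1                       # default per the Doc Text: unlimited
    for f in "$dir"/*.conf; do     # glob expands in sorted order
        [ -f "$f" ] || continue
        # last uncommented assignment in this file, quotes/whitespace stripped
        v=$(sed -n 's/^[[:space:]]*ENGINE_MAX_USER_SESSIONS=//p' "$f" \
            | tail -n 1 | tr -d "\"' \t\r")
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
}

# audit_max_sessions DIR REQUIRED -> returns 0 if 1 <= effective <= REQUIRED
audit_max_sessions() {
    eff=$(effective_max_sessions "$1")
    case $eff in
        -1)          echo "FAIL: unlimited sessions per user (value -1)"; return 1 ;;
        ''|*[!0-9]*) echo "FAIL: unparsable value '$eff'"; return 2 ;;
    esac
    if [ "$eff" -ge 1 ] && [ "$eff" -le "$2" ]; then
        echo "OK: limit is $eff (required <= $2)"; return 0
    fi
    echo "FAIL: limit is $eff (required between 1 and $2)"; return 1
}

# Example: audit_max_sessions /etc/ovirt-engine/engine.conf.d 3
```

A later-sorting drop-in that sets the value back to -1 makes the audit fail even though 99-limit-user-sessions.conf is present, which is the case a file-existence check would miss.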

Comment 5 errata-xmlrpc 2019-05-08 12:38:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:1085

