Author Topic: limiting to only 1 active client session for 1 user at a time  (Read 1404 times)

Helle V. Justesen

  • Guest
limiting to only 1 active client session for 1 user at a time
« on: September 08, 2022, 01:55:55 AM »
hi

we run the windows client v. 10.5.0.5. and server on z/OS using RACF as access control

this might not be a specific ondemand client issue - but I have got a pentest finding saying it should not be possible to have more than one active client session with the same user at a time - does anyone knows how to do that?  right now I can start several clients and log on to all of them with the same user

br
Helle Justesen
« Last Edit: September 08, 2022, 03:13:24 AM by Helle V. Justesen »

Justin Derrick

  • IBM Content Manager OnDemand Consultant
  • Administrator
  • Hero Member
  • *****
  • Posts: 2231
  • CMOD Guru for hire...
    • View Profile
    • Tenacious Consulting
Re: limiting to only 1 active client session for 1 user at a time
« Reply #1 on: September 09, 2022, 01:14:31 PM »
Sounds like you'd need a security exit for that.  But the security exits only allow you to approve or deny a login, so I don't think you could use it to kill the old session while allowing the new session to proceed.  Looks like this might be a good candidate for an enhancement request.

-JD.
IBM CMOD Professional Services: http://TenaciousConsulting.com
Call:  +1-866-533-7742  or  eMail:  jd@justinderrick.com
IBM CMOD Wiki:  https://CMOD.wiki/
FREE IBM CMOD Education & Webinars:  https://CMOD.Training/

Interests: #AIX #Linux #Multiplatforms #DB2 #TSM #SP #Performance #Security #Audits #Customizing #Availability #HA #DR