Throwing CONFD_ERR_TOO_MANY_SESSIONS on authentication callback

Hello,

We have a requirement where we have 2 different session limits. One session limit is the one that ConfD already supports, which is per context (SSH, NETCONF, GUI), but for the other one I have not found any way of enabling it in ConfD. That one is a session limit per user.

So to add an example:

You have 3 contexts, each context has a limit of 8 sessions.
One user can connect to all those contexts and create 24 simultaneous sessions.
We would like to prevent the user from doing that and limit him to 8 sessions no matter the context.

Since I haven’t found any way of doing that via ConfD settings in the documentation, I tried to make this verification in the authentication callback. But with this implementation, the behavior changed. Previously, once a user exceeded the session limit, if the user had the correct rights, the user was offered to kill another session and log into the one the user just created. But now this gets treated as an authentication error and the user cannot kill another session.

I found that ConfD throws an internal error CONFD_ERR_TOO_MANY_SESSIONS if you try to create too many sessions in the code. I am wondering if it is possible for me to somehow also return this error in the authentication callback and get the inbuilt ConfD behavior back.

We are using ConfD version 7.7.10.

@cohult if anything is not clear or I posted in the wrong category, please let me know, so I can add explanations/move to the correct category.

Cc: @sbarvick

What you are asking for, the option to kill another session if permitted to do so with a session limit per user, is not supported by ConfD. If you switch to using an OpenSSH server and implement the “kill another session” functionality yourself, you may be able to achieve what you want, as it is not possible with ConfD’s built-in SSH server authentication functionality.