Ok, then. Do something like this: Modify a rlogin-deamon so that it
send some kind of message (syslog, whatever) to the server running radiusd
whenever a user loggs in/out. Modify the radius entries so that this
special rlogin-deamon is used on a special port. On the other server (the
one running radius), recieve these messages and save them in a dbm-file.
Now, whenever a user tries to log in to a terminal session, check with the
file if he's allready logged in. Not 100%, but fairly close. The important
thing here is to make sure the message-part works.
Offcourse, this sollution only works with terminal-users. A combination
of this one and an accounting sollution w/ping would catch almost any case,
but it's a kinda 'fishy' sollution with several possibilities for
malfunction.
>the radius deamon DROP the 'duplicate' auth request though while the other
>auth request is in session? According to the RFC im not entirely sure.
The rfc doesn't mention this (unless I've overlooked it) - it's
implementation-specific. We used a merit version, which did this
(compared the incomming packet with pending packets, and dropped it if
found). My guess is that most servers do this, among other good reasons
in order to avoid duplicate accounting packets (at least to some extent).
Sverre Hjelm, EUnet Norway