2016-02-15 - Re: Limit voucher login to single device

Header Data

From: Pilosopong Tasyo <pi***7@gmail.com>
Message Hash: 4626df342fca79b5adba3a7486e9d6ae391dd5813d9acca551f59cf9ae42909b
Message ID: <5dc932ed-0b56-43a5-82dc-ec8616c3cf50@grasehotspot.org>
Reply To: <dd7bb67a-5119-406e-b7ed-266c61ef20fd@grasehotspot.org>
UTC Datetime: 2016-02-15 01:45:34 UTC
Raw Date: Mon, 15 Feb 2016 00:45:34 -0800

Raw message 

Hi,

You can use *chilli_query* to extract the username-MAC address pair of all 
logged-in users and make a comparison if each pair matches the one on file. 
 A shell script should foot the bill nicely.  Basically, the script does 
the following:


   1. Use *chilli_query list* to extract the username and MAC address of 
   all logged-in users.  You'll need to filter the list using *grep* and 
   *cut* (you only need *USERNAME* and *MAC_ADDRESS*) and save it 
   *"ACTIVE_USERS_FILE"* for processing.
   2. For every USERNAME and MAC_ADDRESS in the *ACTIVE_USERS_FILE*, make a 
   comparison:
      - *USERNAME* doesn't exist on file yet -> first time log-in, create 
      *USERNAME* with *MAC_ADDRESS* as it's content
      - *USERNAME* already exist and *MAC_ADDRESS* matches the one on file 
      -> no action, the credentials matches the one on file
      - *USERNAME* already exist but *MAC_ADDRESS* doesn't match the one on 
      file -> unauthorized device (i.e., *USERNAME* is being used with 
      another device that has a different *MAC_ADDRESS*), use *chilli_query 
      logout* to kick out the *USER_NAME*
   3. Repeat the entire procedure.

So even if the there's a successful login, it won't take long for the user 
to get logged out.  Very effective in deterring users from sharing their 
credentials with someone else (or preventing users from using their 
credentials on another device even if they own it).

Hope this helps.  Cheers.

Thread