I don't want to let many users log in to a PPTP server on Linux with a single username and password.
Is there any solution for this?
I've never used pptpd myself, but its docs say that it just uses the underlying pppd.
pppd can be configured via pam, using
One PAM module is pam_listfile(8) (at least available on my Ubuntu 10.04 machine), which can be configured to deny users with usernames listed in a specific file:
Classic 'ftpusers' authentication can be implemented with this entry in /etc/pam.d/ftpd:

    #
    # deny ftp-access to users listed in the /etc/ftpusers file
    #
    auth    required    pam_listfile.so \
            onerr=succeed item=user sense=deny file=/etc/ftpusers

You may be able to amend this for your site; by appending names to a file after a successful login and removing the names on logout, you could make it very difficult to have two connections created for the same user account.
Of course, this would be pretty brittle -- a dropped connection would need to have its line removed, and router reboots might annoy hundreds or thousands of users at once. I might suggest just truncating the whole file when users complain, and hope to avoid gross abuse of your system at best. (And the program to remove usernames would need to be carefully written to avoid races; you can use dotlockfile(1) to help you.)
Perhaps some periodic auditing would be another option: you could check the wutmp files (see lastlog(8)) or process listings (ps auxw is nice) once in a while and see if people are abusing it, and handle it as a policy issue, rather than a software enforcement issue.
Hope this helps.
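
The add-on-login, remove-on-logout bookkeeping described in the answer above, as an added sketch that is not part of the original answer or of pptpd/pppd. Assumptions: the list path /etc/ppp/active-users is hypothetical and must match the file= option of a pam_listfile line with sense=deny, the script is called from pppd's ip-up and ip-down hooks, and an atomic mkdir lock stands in for dotlockfile(1).

```shell
#!/bin/sh
# Added example, not from the original answer. LIST is a hypothetical path;
# point pam_listfile's file= option at the same file (sense=deny item=user).
LIST="${LIST:-/etc/ppp/active-users}"

# Run "$@" while holding a lock directory. mkdir is atomic, so two pppd hook
# scripts firing at once cannot both edit the list. Gives up after ~10 s.
with_lock() {
    tries=0
    until mkdir "$LIST.lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -lt 10 ] || return 2
        sleep 1
    done
    rc=0
    "$@" || rc=$?
    rmdir "$LIST.lock"
    return "$rc"
}

_add() {
    # Exact, whole-line match so "bob" does not collide with "bobby".
    grep -qxF -- "$1" "$LIST" 2>/dev/null && return 1   # already connected
    printf '%s\n' "$1" >> "$LIST"
}

_remove() {
    [ -f "$LIST" ] || return 0
    # grep -v exits 1 when nothing is left; that is not an error here.
    grep -vxF -- "$1" "$LIST" > "$LIST.tmp" || true
    mv "$LIST.tmp" "$LIST"        # rename is atomic: PAM never sees half a file
}

_reset() { : > "$LIST"; }

session_add()    { with_lock _add "$1"; }      # call from /etc/ppp/ip-up
session_remove() { with_lock _remove "$1"; }   # call from /etc/ppp/ip-down
session_reset()  { with_lock _reset; }         # boot, or when users are stuck

# pppd exports PEERNAME (the authenticated peer name) to ip-up and ip-down.
case "${1:-}" in
    add)    session_add "${2:-$PEERNAME}" ;;
    remove) session_remove "${2:-$PEERNAME}" ;;
    reset)  session_reset ;;
esac
```

If a hook is killed while it holds the lock, the .lock directory stays behind and has to be removed by hand before the list can change again.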