How to tell if more than one person is sharing a user account
 

Hi there --

Is there software or mechanism that can help the administrator determine if more than one person is using the same user account via a shared password?

Thanks.

Hi,

Too my knowledge it is not possible (without obligatory biometrics) to determine who (or what) gave the user/password combo.

Hope this helps.

If you think they are using different machines (and the same person should always be using the same machine) then you could use the "last" command to see what hostname they logged in from.

Hi,
The bold part is definitely not true!

One can log in from home (being on-call and/or working flexible), from (one of) the office(s) and in some cases when on-the-road.......

And even if the environment is set up to have access from one specific machine, you cannot find out who/what actually gave the login credentials.

There is software that tracks things like keyboard usage to determine if a user is the same as previously. Needs to learn but apparently doesn't take much.
Sites with high security clearance use this sort of thing. Not sure if an open source alternative is available.

I think that was a case of "And IF they should be logging in from the same machine"

Hi,
??? I don't get what you are trying to tell me.

I'm assuming you are talking about the last sentence (And even if the environment is ....), which seems to be a more specific case of your "And IF they should be logging in from the same machine"...

try the command "finger"

You will get the number of users logged in to the server from different machine. Person's who are all logged into the server with same name but with different client IP should be considered as shared account.

You can write your own perl/python scripts to parse the output of the finger command.


Best Regards,

Yes it was meant as an IF - I had already used IF at the start of the sentence. Anyway, I'm not getting into a discussion as to the in's and out's of correct grammar. :)