time dependent denial of login
Gavin McCullagh
gmccullagh at gmail.com
Mon May 19 23:06:57 BST 2008
Hi,
On Mon, 19 May 2008, Kai Wollweber wrote:
> we want to enable/disable clients in classrooms depending on a timetable. This
> means not to disable any user at all. Intended is to disable certain
> terminals.
>
> At a given time a new login should be impossible whereas a running session may
> continue.
This doesn't sound foolproof to me -- ie I can forsee issues with people
getting bumped out by accident and not being able to login again. However,
with that rider, I might make some suggestions.
> Is it possible to disable login on a certain set of clients at given times?
>
> My first idea is to overwrite lts.conf by crontab. The disabled clients would
> get a non existing LDM_SERVER. Im not happy with this approach.
If modifying lts.conf, it might be nicer to set:
LDM_REMOTECMD=/usr/sbin/nologin
which (I hope) would give back a slightly more sensible error "This account
is currently not available". This could hopefully be displayed by LDM
(though I'm not sure of that).
Alternatively, if you have static IPs, you could block ssh access from
certain IPs with a firewall rule which could be added and removed by a cron
job. Shorewall would be a bit extreme for something so simple, but they do
mention such an idea here.
http://lists.shorewall.net/pipermail/shorewall-users/2004-July/013880.html
Gavin
More information about the edubuntu-users
mailing list