time dependent denial of login
Kai Wollweber
wollw at ki.tng.de
Tue May 20 17:45:14 BST 2008
Hi Daniel,
On Tuesday 20 May 2008 00:28:31 Daniel Kahn Gillmor wrote:
> > Is it possible to disable login on a certain set of clients at given
> > times?
>
> The most common way to do something like this is with PAM, using the
> pam_time module, and modifying /etc/security/time.conf to affect the
> relevant services.
>
Your idea looks fine at first sight. But I still see some problems.

In the PAM howto I read about time.conf:

The syntax is as follows:
services;ttys;users;times
[snip]
The second field, the tty field, is a logic list of terminal names that this
rule applies to.

I understand the rules, but I have no idea how a logical tty is assigned to the
physical terminal, identified by its IP. The command 'last' shows who was
logged in and which tty was assigned to the physical terminal:

annoes pts/37 192.168.0.226 Thu May 15 14:27 - 14:48 (00:21)
finsch pts/38 192.168.0.210 Thu May 15 14:22 - 16:34 (02:11)
linjai pts/37 192.168.0.209 Thu May 15 14:22 - 14:23 (00:01)

As we can see, pts/37 is assigned to different clients, and if I got it
right, the time.conf of PAM can set up rules on tty but not on IP. "pts/*", e.g.,
would affect all clients connecting on a pts. But our problem is to disable
only some terminal clients while others need to stay enabled.

--
Kai Wollweber
Integrierte Gesamtschule
Eckernförde
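
The tty reuse described in the message, checked against the quoted 'last' lines. This is an added example, not part of the original mail or of PAM. The function names are hypothetical, and the glob matching via fnmatch is an assumption that only approximates how the time.conf tty field treats "*".

```python
from collections import defaultdict
from fnmatch import fnmatchcase

# The three session records quoted from 'last' in the message above.
LAST_OUTPUT = """\
annoes pts/37 192.168.0.226 Thu May 15 14:27 - 14:48 (00:21)
finsch pts/38 192.168.0.210 Thu May 15 14:22 - 16:34 (02:11)
linjai pts/37 192.168.0.209 Thu May 15 14:22 - 14:23 (00:01)
"""

def parse_last(text):
    """Return (user, tty, host) for every pseudo-terminal session line."""
    sessions = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1].startswith("pts/"):
            sessions.append((fields[0], fields[1], fields[2]))
    return sessions

def hosts_by_tty(sessions):
    """Map each tty name to the set of client IPs that have held it."""
    mapping = defaultdict(set)
    for _user, tty, host in sessions:
        mapping[tty].add(host)
    return dict(mapping)

def hosts_hit_by_tty_pattern(sessions, pattern):
    """Client IPs whose sessions a tty pattern would match.
    Assumption: shell-style glob stands in for the time.conf wildcard."""
    return {host for _user, tty, host in sessions if fnmatchcase(tty, pattern)}

def can_isolate(sessions, blocked_hosts):
    """True only if no tty in the history was shared between a client that
    should be blocked and one that should stay enabled."""
    for hosts in hosts_by_tty(sessions).values():
        if hosts & blocked_hosts and hosts - blocked_hosts:
            return False
    return True

if __name__ == "__main__":
    sessions = parse_last(LAST_OUTPUT)
    for tty, hosts in sorted(hosts_by_tty(sessions).items()):
        print(tty, sorted(hosts))
    print("pts/* hits:", sorted(hosts_hit_by_tty_pattern(sessions, "pts/*")))
    print("226 separable by tty:", can_isolate(sessions, {"192.168.0.226"}))
```

A True result from can_isolate only describes the recorded history; pts numbers are handed out dynamically, so the next login may reuse any of them.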