Blocking users and games during schooltime

Mika Pflüger mail at
Thu Nov 20 08:51:06 GMT 2008


> Then set the user to nologin 
> Here is the problem the user is from a LDAP server dont fick there is no
> easy way to block this :-) 

Well, to block any login, it should be enough to touch /etc/nologin.
If you only want to block specific users, than I would usually chsh
their login shell to /bin/nologin. But if you can't alter the values you
get from the LDAP server, you might need something else.
Take a look on man 8 pam_time and man 5 time.conf, these are pam mpdules
designed exactly for what you want to do. Unfortunately the syntax of
time.conf is confunsing the hell out of me, so if you get the same
feeling about the syntax, you should definitely learn the syntax on a
testing system before you apply it to the server.
You then have to add the time module to the pam.conf file, so it takes
effect. Examples in the man 8 pam_time page.

(Just one pitfall I got while searching for this: use man 7 pam or man
PAM to get the manpage for the pluggable authentication module. Some
manpages are wrong, they say it is located at man 8 pam, but it isn't.)


Mika Pflüger

More information about the edubuntu-users mailing list