[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Restrict remote access by time?


Hello,
This isn't a question about a vulnerability or security threat, so it might be the wrong list. If so, my apologies in advance. I'm trying to tighten a specific part of our security though, so I hope this is apropos to the list.
I am trying to figure out a good way to restrict access to some specific systems based on time and date.
I've looked at pam_time which would allow setting user by user rules based on day/time, but I'm looking for something that would be easy to maintain when we need to give a remote single user (mostly) exclusive access to a system for an arbitrary number of hours, and then at the end of that time end their SSH connection.
Clients will be mostly using NX to connect to an NX server but I would prefer to cut ALL access outside of their alloted time - though if the free or NoMachiens NX server provides a good way to restrict who can connect without totally disabling "system"accounts, and then there is a good way to prohibit most other usernames other than NX from connecting that might also be an option.
Ideally we would set a calender, and then it would work without supervision for the next 6/12 months, but with the option to adjust it if there are cancellations or changes.
I've considered hosts.allow/deny but we would prefer it to be account based rather than host/ip# based. 

As I mentioned pam_time might work but looks a little awkward for this.

User information is stored in a Fedora Directory Service (LDAP).
We are not currently using kerberos and implementing it at this time would not be practical.
While I would like to keep the solution "pure" debian/OS/Free Software, there is a budget, and 3rd party applications are not out of the question.
So, given the criteria, I would welcome any suggestions, research leads, or input from those who have put together similar projects. 

Thanks in Advance!
David.

--
David Ehle
Computing Systems Manager
CAPP CSRRI
rm 077
LS Bld. IIT Main Campus
Chicago IL 60616
ehle@iit.edu
312-567-3751

He who fights with monsters must take care lest he thereby become a
monster. And if you gaze for long into an abyss, the abyss gazes also into
you.
Reply to: