Re: restricting login times
On Mon, Mar 25, 2013 at 08:40:38PM +0900, Joel Rees wrote:
>
> I didn't have to get either the silly or simple example working.
>
> Tried, but I couldn't, without enabling pam_time in /etc/pam.d .
>
> In each of
>
> /etc/pam.d/login
>
> and
>
> /etc/pam.d/su
>
> Uncommented the line
>
> # account requisite pam_time.so
>
> And put the line
>
> *;*;user1;!Al0000-2400
>
> (all day, which is not the ultimate goal) in
>
> /etc/security/time.conf
>
> and PAM blocks console login for user1, with the message "Login
> denied" or something like that. But not X11.
>
> Getting close.
>
> So, I added the line
>
> account required pam_time.so
>
> (required, not requisite) to
>
> /etc/pam.d/gdm
>
> and that blocks user1 from logging in to xfce4 through gdm. I assume
> it won't block xfce4 through kdm if I install kdm.
>
> I'm not sure about the change from requisite to required for gdm. I
> know it has to be account.
>
> So, now that I know it works, the line (for now) in
>
> /etc/security/time.conf
>
> is
>
> *;*;userb, userg,userp;!Al2300-0500
>
I think you want to edit the common-* files in /etc/pam.d. That way the
time restrictions will apply to all methods of logging into that
machine. 'login', 'gdm', and the other files in /etc/pam.d typically
reference the files 'common-session', 'common-password', and so on with
a '@include' line.
-Rob
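
One way to check which login paths actually enforce pam_time, as an added example that is not part of the original message: the script resolves each service's account stack through its `@include` lines and reports whether `pam_time.so` is in it. The function names are hypothetical and the sample tree (including the `sshd` and `common-auth` entries) is constructed for the demonstration.

```python
import os
import tempfile

def account_modules(pam_dir, name, seen=None):
    """List module file names in the account stack of pam_dir/name."""
    seen = set() if seen is None else seen
    path = os.path.join(pam_dir, name)
    if name in seen or not os.path.isfile(path):
        return []                      # include loop or missing file
    seen.add(name)
    mods = []
    with open(path) as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()   # drop comments
            if len(fields) < 2:
                continue
            if fields[0] == "@include":             # whole-file include
                mods += account_modules(pam_dir, fields[1], seen)
            elif fields[0].lstrip("-") == "account" and len(fields) > 2:
                if fields[1] in ("include", "substack"):
                    mods += account_modules(pam_dir, fields[2], seen)
                else:                               # control may be "[a=b c=d]"
                    mods += [os.path.basename(f) for f in fields[2:]
                             if f.endswith(".so")][:1]
    return mods

def audit(pam_dir):
    """Map each service file (not common-*) to True if pam_time is enforced."""
    return {svc: "pam_time.so" in account_modules(pam_dir, svc)
            for svc in sorted(os.listdir(pam_dir))
            if not svc.startswith("common-")}

def sample_dir(common_account):
    """Constructed sample /etc/pam.d tree, not taken from a real system."""
    d = tempfile.mkdtemp()
    files = {
        "login": "account requisite pam_time.so\n@include common-account\n",
        "su": "# account requisite pam_time.so\n@include common-account\n",
        "gdm": "auth required pam_env.so\n@include common-account\n",
        "sshd": "@include common-auth\n@include common-account\n",
        "common-auth": "auth required pam_unix.so\n",
        "common-account": common_account,
    }
    for name, body in files.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
    return d

if __name__ == "__main__":
    unix = "account [success=1 default=ignore] pam_unix.so\n"
    for label, body in (("per-service", unix),
                        ("common-account", "account required pam_time.so\n" + unix)):
        print(label, audit(sample_dir(body)))
```

Calling `audit("/etc/pam.d")` on a real host lists the services that a rule in /etc/security/time.conf would not cover.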