[QCLUG] Kid timer
Jim Hall
volunteer.jim@gmail.com
Thu, 13 Jul 2006 16:49:51 -0500
On 7/13/06, Steve Langasek <vorlon@dodds.net> wrote:
>
>
> As for disallowing logins before 11am, there is a config file
> /etc/security/time.conf which drives the pam_time module, used to specify
> time-based limits on user access to services (e.g., "login"). Depending on
> the distro's setup, you may already have pam_time enabled by default under
> /etc/pam.d/; more likely, you will need to set it up yourself. As editing
> PAM configs is not for the faint of heart (it's generally a great way to
> lock yourself out of the system), you would need to forward the contents of
> your /etc/pam.d/login and /etc/pam.d/kdm files for me to make a
> recommendation.
>
> The actual configuration of /etc/security/time.conf is fairly
> straightforward, though, and basically consists of adding the lines:
>
> *;*;root|admin;Al0000-2400
> login|kdm;*;*;!Al2300-2400&!Al0000-1100
>
> to the file. (Completely untested, btw; I haven't used pam_time in...
> uhm... 8 years or so, so you'll want to keep a root login open and test this
> out once it's set up...)
>
> --
>
Here are the file contents.
/etc/pam.d/login
#
# The PAM configuration file for the Shadow `login' service
#
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
auth requisite pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# Standard Un*x authentication.
@include common-auth
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth optional pam_group.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restraints on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so
# Standard Un*x account and session
@include common-account
@include common-session
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# Prints the last login info upon successful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so
# Prints the motd upon successful login
# (Replaces the `MOTD_FILE' option in login.defs)
session optional pam_motd.so
# Prints the status of the user's mailbox upon successful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session optional pam_mail.so standard
@include common-password
/etc/pam.d/kdm
#
# /etc/pam.d/kdm - specify the PAM behaviour of kdm
#
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-password
@include common-session
auth required pam_nologin.so
auth required pam_env.so
session required pam_limits.so
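
Added example, not part of the original thread: a simplified Python model of how pam_time evaluates time.conf rules, run against the two suggested lines. It assumes pam_time denies access when any rule whose service, tty and user fields all match has a time field that does not match; the helper names and the EXEMPT variant are constructed for illustration.

```python
import re
from datetime import datetime
from fnmatch import fnmatchcase

DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]
GROUPS = {"Wk": DAYS[:5], "Wd": DAYS[5:], "Al": DAYS}

def logic(field, test):
    """Evaluate a '|' / '&' list strictly left to right; '!' negates one token."""
    result, op = None, None
    for tok in re.split(r"([|&])", field.replace(" ", "")):
        if tok in ("|", "&"):
            op = tok
            continue
        val = (not test(tok[1:])) if tok.startswith("!") else test(tok)
        if result is None:
            result = val
        else:
            result = (result or val) if op == "|" else (result and val)
    return bool(result)

def in_time(tok, now):
    """Match a token such as Al0000-1100 against the current day and HHMM."""
    m = re.fullmatch(r"((?:[A-Z][a-z])+)(\d{4})-(\d{4})", tok)
    if not m:
        return False
    days = set()
    for code in re.findall("..", m.group(1)):
        days ^= set(GROUPS.get(code, [code]))  # a repeated day toggles off
    start, end = int(m.group(2)), int(m.group(3))
    t, today = now.hour * 100 + now.minute, DAYS[now.weekday()]
    if start < end:
        return today in days and start <= t < end
    # range wraps past midnight: late part today, early part from yesterday
    return (today in days and t >= start) or (DAYS[now.weekday() - 1] in days and t < end)

def allowed(rules, service, tty, user, now):
    ok = True
    for line in rules:
        svc, ttys, users, times = [f.strip() for f in line.split(";")]
        applies = all(logic(f, lambda p, v=v: fnmatchcase(v, p))
                      for f, v in ((svc, service), (ttys, tty), (users, user)))
        if applies and not logic(times, lambda p: in_time(p, now)):
            ok = False  # one applicable rule failing its time test denies access
    return ok

# The two lines suggested in the quoted reply
RULES = ["*;*;root|admin;Al0000-2400",
         "login|kdm;*;*;!Al2300-2400&!Al0000-1100"]
# Constructed variant: exempt root and admin in the user field instead
EXEMPT = ["login|kdm;*;!root&!admin;!Al2300-2400&!Al0000-1100"]
```

Under this model the `*` user field on the second line also covers root, so the 11:00 to 23:00 window applies to root logins through login and kdm as well. The EXEMPT variant keeps the same window for everyone except root and admin.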