[QCLUG] Kid timer

Jim Hall volunteer.jim@gmail.com
Fri, 14 Jul 2006 15:55:16 -0500 

---------------------- multipart/alternative attachment
On 7/13/06, Steve Langasek <vorlon@dodds.net> wrote:
>
>
> As for disallowing logins before 11am, there is a config file
> /etc/security/time.conf which drives the pam_time module, used to specify
> time-based limits on user access to services (e.g., "login").  Depending
> on
> the distro's setup, you may already have pam_time enabled by default under
> /etc/pam.d/; more likely, you will need to set it up yourself.  As editing
> PAM configs is not for the faint of heart (it's generally a great way to
> lock yourself out of the system), you would need to forward the contents
> of
> your /etc/pam.d/login and /etc/pam.d/kdm files for me to make a
> recommendation.
>
> The actual configuration of /etc/security/time.conf is fairly
> straightforward, though, and basically consists of adding the lines:
>
> *;*;root|admin;Al0000-2400
> login|kdm;*;*;!Al2300-2400&!Al0000-1100
>
> to the file.  (Completely untested, btw; I haven't used pam_time in...
> uhm... 8 years or so, so you'll want to keep a root login open and test
> this
> out once it's set up...)
>
> --
>


(Since I didn't see my first reply show up, I'm trying this again a little
differently.)


Here are the file contents.

*******************************************
      /etc/pam.d/login
#
# The PAM configuration file for the Shadow `login' service
#

# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth       required   pam_issue.so issue=/etc/issue

# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
auth       requisite  pam_securetty.so

# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs )
auth       requisite  pam_nologin.so

# This module parses /etc/environment (the standard for setting
# environ vars) and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session       required   pam_env.so readenv=1

# Standard Un*x authentication.
@include common-auth

# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth       optional   pam_group.so

# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account    requisite  pam_time.so

# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account  required       pam_access.so

# Standard Un*x account and session
@include common-account
@include common-session

# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session    required   pam_limits.so

# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session    optional   pam_lastlog.so

# Prints the motd upon succesful login
# (Replaces the `MOTD_FILE' option in login.defs)
session    optional   pam_motd.so

# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session    optional   pam_mail.so standard
@include common-password


      /etc/pam.d/kdm
#
# /etc/pam.d/kdm - specify the PAM behaviour of kdm
#

# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
@include common-auth
@include common-account
@include common-password
@include common-session

auth       required     pam_nologin.so
auth       required     pam_env.so
session    required     pam_limits.so

**************************************************
Jim

---------------------- multipart/alternative attachment
An HTML attachment was scrubbed...
URL: http://qclug.org/pipermail/qclug/attachments/132ae0cb/attachment.htm

---------------------- multipart/alternative attachment--