LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 04-08-2010, 01:28 PM   #1
noodlesoffire
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Rep: Reputation: 0
Question authenticate users logins by a database ??? (postgres, mysql)


is it possible to authenticate users logins by a database (postgres, mysql) ???

for instance:

-user types username, pasword, at login screen
-OS then connects to server with database and checks if the user is valid.

if so, is it feasible to add a time lock function for each user? in the sql, postgres table ? for instance user sandra can only log onto the computer for 1hr at 5pm
 
Old 04-08-2010, 01:33 PM   #2
troop
Member
 
Registered: Feb 2010
Distribution: gentoo, arch, fedora, freebsd
Posts: 379

Rep: Reputation: 96
by postgres: http://sourceforge.net/projects/pam-pgsql/
by mysql: http://pam-mysql.sourceforge.net/
 
Old 04-08-2010, 01:48 PM   #3
noodlesoffire
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by troop View Post

nice, so I could mange accounts in a table?

and would it be able to use time limit functions?
 
Old 04-08-2010, 02:11 PM   #4
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,977

Rep: Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672
Quote:
Originally Posted by noodlesoffire View Post
nice, so I could mange accounts in a table?
Yes, that's what its for.
Quote:
and would it be able to use time limit functions?
Don't know that, but based on your first post, this might be overkill, if that's all you're looking for.

First, be aware that the scenarios for using a back-end database, assumes that you've got the database RUNNING already. So if you're talking about a single-system, you may have issues, like if the database doesn't start up, how are you going to log in? If you're talking about a home use kind of thing, you'd be better off using something a bit less complex, but just as effective.

In your system profile, put a snippet in there, something like this:
NOTE: UNTESTED, PROBABLY CONTAINS SYNTAX ERRORS
Code:
if [ `date +%T` (>= "13:00:00" && <= "15:00:00") ]; then
   echo "Sorry, not time for you to log in yet." 1>&2
   exit
fi
Or into the user(s) .profile/.bashrc. Checks the time when the log in, and if it's outside the parameters, it exits. Take the concept a bit further...expand the shell-script bit, to do an ID check first, and if you're in the list of ID's to check, THEN do the time check. That way, trusted users can log in whenever, ones on the list will get checked. You can even then put logging features in it, to send emails if someone tries to log in after hours, etc., with a very simple bit of shell scripting. Beats having to mess with system authentication stuff, and risking not being able to log in, if something goes pear-shaped.
 
Old 04-08-2010, 02:52 PM   #5
noodlesoffire
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by TB0ne View Post

In your system profile, put a snippet in there, something like this:
NOTE: UNTESTED, PROBABLY CONTAINS SYNTAX ERRORS
Code:
if [ `date +%T` (>= "13:00:00" && <= "15:00:00") ]; then
   echo "Sorry, not time for you to log in yet." 1>&2
   exit
fi
Or into the user(s) .profile/.bashrc. Checks the time when the log in, and if it's outside the parameters, it exits.
this is more or less what I want, however I wanted to define each time for each user which could be Syntax in sql table as datetime, so when the OS looked up the userename and password it would also get time limits, I know there are some Pam modules which limits users on what time, but they do not support reading from a database :S
 
Old 04-08-2010, 03:12 PM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,000
Blog Entries: 11

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
One option (depending on whether or not your system supports
the use of porttime) to populate the porttime file from the
database (maybe via a nightly cron-job if the user numbers
and/or times don't change dramatically on a daily basis).

man porttime

Actually - you could also just change
/etc/security/time.conf
like that ...



Cheers,
Tink

Last edited by Tinkster; 04-08-2010 at 03:14 PM.
 
Old 04-08-2010, 04:50 PM   #7
noodlesoffire
LQ Newbie
 
Registered: Apr 2010
Posts: 6

Original Poster
Rep: Reputation: 0
ok, I thought of a solution of having a php script which would check date time, are there any feilds/parameters in Pam_mysql which could be used to outright deny access?

something like:

( access = true/false )

would be helpful in pam_mysql as I could use the feild in sql table and php and enable it due to status, documentation on libpam is very scarce :S
 
Old 04-08-2010, 05:19 PM   #8
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 14,977

Rep: Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672Reputation: 2672
Quote:
Originally Posted by noodlesoffire View Post
this is more or less what I want, however I wanted to define each time for each user which could be Syntax in sql table as datetime, so when the OS looked up the userename and password it would also get time limits, I know there are some Pam modules which limits users on what time, but they do not support reading from a database :S
You can still do that, easily. Remember, this is a bash shell script...put a MySQL query in it from the command line, to extract a user ID, time range, or anything else you want. A simple variable comparison can then be done, to allow/deny access.
 
  


Reply

Tags
sql


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd : Could not authenticate using login logins bzlaskar Linux - Server 2 09-22-2009 12:57 PM
Freeradius Wireless unable to authenticate against MySQL Database nikalleyne Linux - Security 0 06-02-2009 10:12 AM
Create / Lookup MySQL Users for Database carlosinfl Linux - Server 2 04-22-2009 03:54 PM
MySQL users to authenticate with Openldap server niraj.kumar Linux - Server 1 03-14-2009 12:19 PM
Troubleshooting - Using AD to authenticate Linux logins - I know I'm close! jmerry01 Linux - Enterprise 4 08-01-2007 11:59 AM


All times are GMT -5. The time now is 08:49 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration