pam time restrictions not working !!?
hi all
I dont want to allow the user winny on saturday and sundays. I added the following line in the /etc/security/time.conf file. login;*;winny;!SaSu0000-2400 Then i added the following line in the /etc/pam.d/login file. account required pam_time.so this is the first line of that login file. But if i tried to login with the username winny it allows me to get log in. Is anything has to be change? I need ur help guys. |
Not if it's not the weekend. You told PAM to block winny for 48 hours of
the weekend, which is a day away (for me, anyway; your mileage may vary). |
thats just a example yaar...ok take it...
login;*;winny;!Al0000-2400 even if i add the above line, it is not working?...What do you say now? |
how to block users for particular days?
hi all
i dont want to allow the user winny on saturday and sundays. Can someone tell me how to implement this on RHEL 5? Thanks in advance. |
Are you talking about denying in squid?
|
For logins etc ,try pam_time http://www.kernel.org/pub/linux/libs...-pam_time.html
|
hi chrism01
i have added the following line to /etc/security/time.conf file login;*;winston;!We0000-2400 then i add a entry in /etc/pam.d/login file i.e account required pam_time.so But, now i login locally through Command line interface, it denied me. Well, But through GUI it allows me to login as winston. If i do rlogin or ssh from other clients that is also working. I want to restrict that user in all the way. How can i do this? |
If you look in /etc/pam.d there's probably (should be) an sshd file to edit as well.
Not sure about X-win, but there should a a relevant file in there. You'll also have to make sure that user is completely logged out. iirc, the GUI clones the first login and just copies it, so it might not notice the change. Don't have a Linux system here with X-win to check. |
refer the following
http://tuxradar.com/answers/283 |
sorry chrism01..it doesnt works...here is the content of the pam.d/sshd file ( i've added the line "account required pam_time.so"
#%PAM-1.0 account required pam_time.so auth include system-auth account required pam_nologin.so account include system-auth password include system-auth session optional pam_keyinit.so force revoke session include system-auth session required pam_loginuid.so ~ ~ rebooted the machine one time. Then i tried to login throgh ssh from one of my client. It allows. sssssssshhhhhhhhh....what to do? |
Add the following to root crontab file:
Code:
0 0 * * 0 6 passwd -l winny HTH Forrest |
i blocked the rlogin and ssh by made an entry in the /etc/security/time.conf file.
The entries are login;*;winny;!We0000-2400 sshd;*;winny;!We0000-2400 rlogin;*;winny;!We0000-2400 and also in /etc/pam.d/sshd and rlogin file. Everything works fine except the local GUI. In GUI it allows me to log in. I think the crontab will do for GUI. Let me try !! Thanks for the help gurus.... |
I'd ask RH, assuming that's a registered system. I'd like to know the (proper) solution myself.
|
that would be great...i will wait for that...i am happy that i have asked a good question and ur approach to know the answer..
|
What happens when you replace 'login' with "system-auth' or '*'?
Untested - my slack machine doesn't use PAM at this stage. Cheers, Tink P.S.: I merged your two threads. |
All times are GMT -5. The time now is 01:34 AM. |