authenticate users logins by a database ??? (postgres, mysql)
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
authenticate users logins by a database ??? (postgres, mysql)
is it possible to authenticate users logins by a database (postgres, mysql) ???
for instance:
-user types username, pasword, at login screen
-OS then connects to server with database and checks if the user is valid.
if so, is it feasible to add a time lock function for each user? in the sql, postgres table ? for instance user sandra can only log onto the computer for 1hr at 5pm
Don't know that, but based on your first post, this might be overkill, if that's all you're looking for.
First, be aware that the scenarios for using a back-end database, assumes that you've got the database RUNNING already. So if you're talking about a single-system, you may have issues, like if the database doesn't start up, how are you going to log in? If you're talking about a home use kind of thing, you'd be better off using something a bit less complex, but just as effective.
In your system profile, put a snippet in there, something like this:
NOTE: UNTESTED, PROBABLY CONTAINS SYNTAX ERRORS
Code:
if [ `date +%T` (>= "13:00:00" && <= "15:00:00") ]; then
echo "Sorry, not time for you to log in yet." 1>&2
exit
fi
Or into the user(s) .profile/.bashrc. Checks the time when the log in, and if it's outside the parameters, it exits. Take the concept a bit further...expand the shell-script bit, to do an ID check first, and if you're in the list of ID's to check, THEN do the time check. That way, trusted users can log in whenever, ones on the list will get checked. You can even then put logging features in it, to send emails if someone tries to log in after hours, etc., with a very simple bit of shell scripting. Beats having to mess with system authentication stuff, and risking not being able to log in, if something goes pear-shaped.
In your system profile, put a snippet in there, something like this:
NOTE: UNTESTED, PROBABLY CONTAINS SYNTAX ERRORS
Code:
if [ `date +%T` (>= "13:00:00" && <= "15:00:00") ]; then
echo "Sorry, not time for you to log in yet." 1>&2
exit
fi
Or into the user(s) .profile/.bashrc. Checks the time when the log in, and if it's outside the parameters, it exits.
this is more or less what I want, however I wanted to define each time for each user which could be Syntax in sql table as datetime, so when the OS looked up the userename and password it would also get time limits, I know there are some Pam modules which limits users on what time, but they do not support reading from a database :S
One option (depending on whether or not your system supports
the use of porttime) to populate the porttime file from the
database (maybe via a nightly cron-job if the user numbers
and/or times don't change dramatically on a daily basis).
man porttime
Actually - you could also just change
/etc/security/time.conf
like that ...
ok, I thought of a solution of having a php script which would check date time, are there any feilds/parameters in Pam_mysql which could be used to outright deny access?
something like:
( access = true/false )
would be helpful in pam_mysql as I could use the feild in sql table and php and enable it due to status, documentation on libpam is very scarce :S
this is more or less what I want, however I wanted to define each time for each user which could be Syntax in sql table as datetime, so when the OS looked up the userename and password it would also get time limits, I know there are some Pam modules which limits users on what time, but they do not support reading from a database :S
You can still do that, easily. Remember, this is a bash shell script...put a MySQL query in it from the command line, to extract a user ID, time range, or anything else you want. A simple variable comparison can then be done, to allow/deny access.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.