Re: pam_time

["Michael K. Johnson" <johnsonm redhat com>]

Andrew Morgan writes:
>I'm thinking about writing a pam_time module. It will be for
>implementing some sort of account managment. user X can only log in
>between these times... System time is between these times... etc.
>
>Does anyone have any thoughts about a format for a pam_time config
>file and or flavors of restriction that should be supported?

I'd suggest looking at a few BBS packages for ideas, since BBS
systems have dealt with this question forever...  They might
provide inspiration on both counts.  I'm pretty clueless about
BBSs, other than knowing that several are available for Linux.

AFAIK, there are two different kinds of time limitations: time
during which the user is allowed to log in, and total time per
time period.  These may be logically separable, and may really
be two different PAM modules, so if you are only interested in
the first, then you can ignore the rest of this mail...  :-)

The "total time per time period" one might be hard, because you
would potentially have to kill -HUP the user after a certain
amount of time, probably after giving some warnings.  This would
require a daemon, cron job, or at jobs to send the warnings and
hang up the user.  The configuration file for that would have to
be very flexible, because it would need to specify time periods,
and within that time period, the numbers and timing of logoff
warnings, etc.

michaelkjohnson

"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"