diff options
author | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-09 18:18:43 +0000 |
---|---|---|
committer | Thorsten Kukuk <kukuk@thkukuk.de> | 2006-06-09 18:18:43 +0000 |
commit | 0fe6ff3ef4d45d8c16e89d4505cdc5857e133299 (patch) | |
tree | f04622ec7caf2eecae55511b550a41f6eb4864c6 /modules/pam_time/README | |
parent | 393585017d45cf174384530f57cb8bc5cec1b457 (diff) |
Relevant BUGIDs:
Purpose of commit: new feature
Commit summary:
---------------
2006-06-09 Thorsten Kukuk <kukuk@thkukuk.de>
* modules/pam_time/Makefile.am: Include Make.xml.rules.
* modules/pam_time/time.conf.5: New, generated from xml file.
* modules/pam_time/time.conf.5.xml: New.
* modules/pam_time/pam_time.8: New, generated from xml file.
* modules/pam_time/pam_time.8.xml: New.
* modules/pam_time/README.xml: New.
* modules/pam_time/README: Regenerated from README.xml.
Diffstat (limited to 'modules/pam_time/README')
-rw-r--r-- | modules/pam_time/README | 45 |
1 files changed, 24 insertions, 21 deletions
diff --git a/modules/pam_time/README b/modules/pam_time/README index 38b2b3e6..abafd936 100644 --- a/modules/pam_time/README +++ b/modules/pam_time/README @@ -1,30 +1,33 @@ -$Id$ +pam_time — PAM module for time control access -This is a help file for the pam_time module. It explains the need for -pam_time and also the syntax of the /etc/security/time.conf file. -[a lot of the syntax is freely adapted from the porttime file of the -shadow suite.] +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -1. Introduction -=============== +DESCRIPTION -It is desirable to restrict access to a system and or specific -applications at various times of the day and on specific days or over -various terminal lines. +The pam_time PAM module does not authenticate the user, but instead it +restricts access to a system and or specific applications at various times of +the day and on specific days or over various terminal lines. This module can be +configured to deny access to (individual) users based on their name, the time +of day, the day of week, the service they are applying for and their terminal +from which they are making their request. -The pam_time module is intended to offer a configurable module that -satisfies this purpose, within the context of Linux-PAM. +By default rules for time/port access are taken from config file /etc/security/ +time.conf. -2. the /etc/security/time.conf file -=================================== +EXAMPLES -This file is the configuration script for defining time/port access -control to the system/applications. +These are some example lines which might be specified in /etc/security/ +time.conf. -Its syntax is described in the sample ./time.conf provided in this -directory. +All users except for root are denied access to console-login at all times: + +login ; tty* & !ttyp* ; !root ; !Al0000-2400 + + +Games (configured to use PAM) are only to be accessed out of working hours. +This rule does not apply to the user waster: + + +games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 -unrecognised rules are ignored (but an error is logged to syslog(3)) --------------------- -Bugs to Andrew <morgan@parc.power.net> or the list <pam-list@redhat.com> |