Diffstat (limited to 'modules/pam_time/README')
1 files changed, 24 insertions, 21 deletions
diff --git a/modules/pam_time/README b/modules/pam_time/README
index 38b2b3e6..abafd936 100644
@@ -1,30 +1,33 @@
+pam_time — PAM module for time control access
-This is a help file for the pam_time module. It explains the need for
-pam_time and also the syntax of the /etc/security/time.conf file.
-[a lot of the syntax is freely adapted from the porttime file of the
-It is desirable to restrict access to a system and or specific
-applications at various times of the day and on specific days or over
-various terminal lines.
+The pam_time PAM module does not authenticate the user, but instead it
+restricts access to a system and or specific applications at various times of
+the day and on specific days or over various terminal lines. This module can be
+configured to deny access to (individual) users based on their name, the time
+of day, the day of week, the service they are applying for and their terminal
+from which they are making their request.
-The pam_time module is intended to offer a configurable module that
-satisfies this purpose, within the context of Linux-PAM.
+By default rules for time/port access are taken from config file /etc/security/
-2. the /etc/security/time.conf file
-This file is the configuration script for defining time/port access
-control to the system/applications.
+These are some example lines which might be specified in /etc/security/
-Its syntax is described in the sample ./time.conf provided in this
+All users except for root are denied access to console-login at all times:
+login ; tty* & !ttyp* ; !root ; !Al0000-2400
+Games (configured to use PAM) are only to be accessed out of working hours.
+This rule does not apply to the user waster:
+games ; * ; !waster ; Wd0000-2400 | Wk1800-0800
-unrecognised rules are ignored (but an error is logged to syslog(3))
-Bugs to Andrew <email@example.com> or the list <firstname.lastname@example.org>