Time control

Synopsis

Module Name:
Author: Andrew G. Morgan <morgan@parc.power.net>
Maintainer: Author
Management groups provided: account
Cryptographically sensitive:
Security rating:
Clean code base:
System dependencies: Requires a configuration file /etc/security/time.conf
Network aware: Through the

Overview of module

Running a well-regulated system occasionally involves restricting access to certain services in a selective manner. This module offers some time control for access to services offered by a system. Its actions are determined by a configuration file. The module can be configured to deny access to (individual) users based on their name, the time of day, the day of the week, the service they are applying for and the terminal from which they are making their request.

Account component

Recognized arguments:

Description:

This module bases its actions on the rules listed in its configuration file: /etc/security/pam.conf. Each rule has the following form,

In words, each rule occupies a line, terminated with a newline or the beginning of a comment; a `

By a logic list we mean a sequence of tokens (associated with the appropriate

!morgan&!root, indicating that this rule does not apply to the user morgan nor to root; and tty*&!ttyp*, which indicates that the rule applies only to console terminals but not pseudoterminals.

    Mo Tu We Th Fr Sa Su Wk Wd Al

The last two of these being

The time range part is a pair of 24-hour times,

Note that the given time restriction is only applied when the first three fields are satisfied by a user's application for service.

For convenience and readability a rule can be extended beyond a single line with a `\

Examples/suggested usage:

The use of this module is initiated with an entry in the

    #
    # apply pam_time accounting to login requests
    #
    login account required pam_time.so

where, here we are applying the module to the

Some examples of rules that can be placed in the /etc/security/time.conf configuration file are the following:

    login ; tty* & !ttyp* ; !root ; !Al0000-2400

all users except for

    games ; * ; !waster ; Wd0000-2400 | Wk1800-0800

games (configured to use Linux-PAM) are only to be accessed out of working hours. This rule does not apply to the user
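A small evaluator for the rule format described above, added here as an illustration (it is not Linux-PAM's code): it applies the page's two sample rules to a service, terminal, user and time, and shows that the time field only matters once the first three fields match. The function names are hypothetical. The meanings of Wk (weekdays) and Wd (weekend), the toggling of repeated days, strict left-to-right evaluation of & and |, and ranges that wrap past midnight are assumptions taken from the module's documented behaviour; rules are assumed well formed and on a single line.

```python
import re
from datetime import datetime

DAYS = {"Mo": 1, "Tu": 2, "We": 4, "Th": 8, "Fr": 16, "Sa": 32, "Su": 64,
        "Wk": 31, "Wd": 96, "Al": 127}   # bit masks, Monday = bit 0

def glob(pattern, value):
    """Match a token literally, except that '*' matches any run of characters."""
    return re.fullmatch(".*".join(map(re.escape, pattern.split("*"))), value) is not None

def in_time(token, when):
    """Test a day/time-range token such as Wk1800-0800 against a datetime."""
    days, i = 0, 0
    while token[i:i + 2] in DAYS:      # a repeated day toggles itself off
        days ^= DAYS[token[i:i + 2]]
        i += 2
    start, end = (int(t) for t in token[i:].split("-"))
    now = when.hour * 100 + when.minute
    today, eve = 1 << when.weekday(), 1 << (when.weekday() - 1) % 7
    if start < end:
        return bool(days & today) and start <= now < end
    # otherwise the range runs past midnight into the following day
    return bool(days & today and now >= start or days & eve and now <= end)

def logic_list(field, match):
    """Evaluate '!'-negated tokens joined by & and |, strictly left to right."""
    toks = field.replace("&", " & ").replace("|", " | ").split()
    vals = [match(t.lstrip("!")) != t.startswith("!") for t in toks[::2]]
    result = vals[0]
    for op, val in zip(toks[1::2], vals[1:]):
        result = (result and val) if op == "&" else (result or val)
    return result

def allowed(rules, service, tty, user, when):
    """Deny only when a rule matches service, tty and user but not the time."""
    for line in rules.splitlines():
        fields = [f.strip() for f in line.split("#")[0].split(";")]
        if len(fields) != 4 or not all(fields):
            continue                    # blank, comment-only or malformed line
        applies = all(logic_list(f, lambda p, v=v: glob(p, v))
                      for f, v in zip(fields, (service, tty, user)))
        if applies and not logic_list(fields[3], lambda t: in_time(t, when)):
            return False
    return True

# The two rules quoted on this page, then a constructed query (Wednesday 14:00).
RULES = """login ; tty* & !ttyp* ; !root ; !Al0000-2400
games ; * ; !waster ; Wd0000-2400 | Wk1800-0800"""
print(allowed(RULES, "games", "tty1", "alice", datetime(2024, 1, 10, 14, 0)))
```

With these rules a Monday 07:00 request for games is refused: the overnight range it would fall in began on Sunday, which Wk does not cover.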

Note, currently there is no daemon enforcing the end of a session. This needs to be remedied.

Poorly formatted rules are logged as errors using