I am investigating how to limit user logins via sshd to specific
times of day. I have the basic syntax but what I want to know is how
does pam_time.so process time.conf.
Say I have a clutch of users that should login between 07:00 and
18:00 Monday to Friday. I infer that the following will handle
that:
sshd;*;*,Wk0700-1800
However, what is not clear to me is how does one permit certain
userids additional login periods while handling the majority of
users as above. Say user01 should also be allowed to logon during
Saturday mornings Sa0800-1200 and early evenings the rest of the
week wk1830-2100 Do I do this?
sshd:*;user01;AL1830-2100&Wk0700-1800&Sa0800-1200
sshd:*:*:Al1830-2100
or will this work?
sshd:*:user01:Sa0800-1200
sshd:*:user01:Wk1830-2100
sshd:*:*:Al0700-1800
or will this?
sshd:*:*:Al0700-1800
sshd:*:user01:Wk1830-2100
sshd:*:user01:Sa0800-1200
What I am trying to understand is whether the first result
encountered, either success or failure, is what is applied to a
given login attempt. Or, does the stack progress until success or
it ends in which case it fails?
Recasting my question: Is it meaningful to have multiple entries for
a singe userid, whether explicitly given or as part of a wildcard,
contained in time.conf?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3