login(1) doesn't enforce times.allow/times.deny over ssh(1)
Farid Hajji
me at farid-hajji.de
Sun Jul 20 11:32:05 PDT 2003
I'm trying to set up a login class on 5.1-R which limits users
from logging in at night or on week ends. Unfortunately,
the time limits are not enforced by login(1), when the host
is accessed via ssh (only from the console are the time limits
enforced):
In /etc/login.conf, I've set this:
time_limited:\
:welcome=/root/motd-timelimited:\
:times.allow=MoTuWeThFr0800-1900:\
:times.deny=So0000-2359:\
:tc=default:
and ran 'cap_mkdb /etc/login.conf' as instructed. Changed
login class of some test users with chsh(1). The change
in the 'welcome' capability works all right, but not the time
limitations (when using ssh).
I'm using the default /etc/pam.d/login, as of 5.1-R,
where pam_ssh.so is always commented out.
When using ssh, I'm not trying public/private keys,
just plain unix passwords. Doesn't ssh access login(1)
in this case?
Do you have an idea what's wrong here, or, better yet,
a solution?
Many thanks.
--
Farid Hajji. http://www.farid-hajji.net/address.html
More information about the freebsd-current
mailing list