login.conf changes not being effected
Cordula's Web
cpghost at cordula.ws
Sat Dec 13 10:52:53 PST 2003
[login.conf]
> goal is to be able to restrict login times and duration.
1. First of all, /etc/login.conf doesn't apply for ssh logins.
Only the login(1) program reads this. Not sshd or other
daemons.
2. As far as I can remember, you _can_ restrict the time of
day for logins by setting times.allow and times.deny
Last time I checked (some 6 months or so ago), it worked.
3. AFAIK, you can't enforce the duration of the login.
login.conf(5) says:
Note that login(1) enforces only that the actual login falls within peri-
ods allowed by these entries. Further enforcement over the life of a
session requires a separate daemon to monitor transitions from an allowed
period to a non-allowed one.
4. To enforce time-of-day logins in a more general way
(a.k.a for sshd, telnetd, ftpd, etc...), you need a
PAM module. Which one or where, I don't know.
--
Cordula's Web. http://www.cordula.ws/
More information about the freebsd-questions
mailing list