Date: Sat, 13 Dec 2003 19:52:04 +0100 (CET) From: "Cordula's Web" <cpghost@cordula.ws> To: pmurphy456@yahoo.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: login.conf changes not being effected Message-ID: <200312131852.hBDIq4o7002736@fw.farid-hajji.net> In-Reply-To: <20031213175055.25327.qmail@web11308.mail.yahoo.com> (message from Phil Murphy on Sat, 13 Dec 2003 12:50:55 -0500 (EST)) References: <20031213175055.25327.qmail@web11308.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[login.conf] > goal is to be able to restrict login times and duration. 1. First of all, /etc/login.conf doesn't apply for ssh logins. Only the login(1) program reads this. Not sshd or other daemons. 2. As far as I can remember, you _can_ restrict the time of day for logins by setting times.allow and times.deny Last time I checked (some 6 months or so ago), it worked. 3. AFAIK, you can't enforce the duration of the login. login.conf(5) says: Note that login(1) enforces only that the actual login falls within peri- ods allowed by these entries. Further enforcement over the life of a session requires a separate daemon to monitor transitions from an allowed period to a non-allowed one. 4. To enforce time-of-day logins in a more general way (a.k.a for sshd, telnetd, ftpd, etc...), you need a PAM module. Which one or where, I don't know. -- Cordula's Web. http://www.cordula.ws/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312131852.hBDIq4o7002736>