Date: Sun, 20 Jul 2003 20:32:01 +0200 From: Farid Hajji <me@farid-hajji.de> To: freebsd-current@freebsd.org Subject: login(1) doesn't enforce times.allow/times.deny over ssh(1) Message-ID: <200307202032.02281.me@farid-hajji.de>
next in thread | raw e-mail | index | archive | help
I'm trying to set up a login class on 5.1-R which limits users
from logging in at night or on week ends. Unfortunately,
the time limits are not enforced by login(1), when the host
is accessed via ssh (only from the console are the time limits
enforced):
In /etc/login.conf, I've set this:
time_limited:\
:welcome=/root/motd-timelimited:\
:times.allow=MoTuWeThFr0800-1900:\
:times.deny=So0000-2359:\
:tc=default:
and ran 'cap_mkdb /etc/login.conf' as instructed. Changed
login class of some test users with chsh(1). The change
in the 'welcome' capability works all right, but not the time
limitations (when using ssh).
I'm using the default /etc/pam.d/login, as of 5.1-R,
where pam_ssh.so is always commented out.
When using ssh, I'm not trying public/private keys,
just plain unix passwords. Doesn't ssh access login(1)
in this case?
Do you have an idea what's wrong here, or, better yet,
a solution?
Many thanks.
--
Farid Hajji. http://www.farid-hajji.net/address.html
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200307202032.02281.me>