Is it possible to lock some accounts in order to be accessible only during specific time periods?
For instance the account joe should only be accessible during office hours.
Asked
Active
Viewed 738 times
8
-
not out of the box on unix I think... but it maybe be possible if you're doing some advanced authentication with ldap, or kerberos or something... or perhaps even with SELinux. I don't really know for sure though, so this is not a real answer. – xenoterracide Aug 24 '10 at 16:56
2 Answers
5
If you are talking about Linux, it depends if the distro ships pam_time.so or not. That PAM module can support limiting access to certain times of day, with user exceptions, fully looped into the PAM stack.
For other *NIX, if they support PAM (like Solaris) you can probably get and compile pam_time.so from somewhere.
nzwulfin
- 797
2
In FreeBSD you can use the pw utility:
pw lock <user>
and
pw unlock <user>
So now all you have to do is create a script to add logout and kill commands as required, loop through the users, execute via cron job and you're done!
gvkv
- 2,738
-
actually this method could be adapted to linux. One way of locking an account is by setting the ... second to last field in /etc/shadow to an earlier date. The fields specification is "Days since Epoch when account expires" so you could change that back and forth via cron. – xenoterracide Aug 24 '10 at 17:32