On Mon, Mar 25, 2013 at 08:40:38PM +0900, Joel Rees wrote: > > I didn't have to get either the silly or simple example working. > > Tried, but I couldn't, without enabling pam_time in /etc/pam.d . > > In each of > > /etc/pam.d/login > > and > > /etc/pam.d/su > > Uncommented the line > > # account requisite pam_time.so > > And put the line > > *;*;user1;!Al0000-2400 > > (all day, which is not the ultimate goal) in > > /etc/security/time.conf > > and PAM blocks console login for user1, with the message "Login > denied" or something like that. But not X11. > > Getting close. > > So, I added the line > > account required pam_time.so > > (required, not requisite) to > > /etc/pam.d/gdm > > and that blocks user1 from logging in to xfce4 through gdm. I assume > it won't block xfce4 through kdm if I install kdm. > > I'm not sure about the change from requisite to required for gdm. I > know it has to be account. > > So, now that I know it works, the line (for now) in > > /etc/security/time.conf > > is > > *;*;userb, userg,userp;!Al2300-0500 > I think you want to edit the common-* files in /etc/pam.d. That way the time restrictions will apply to all methods of logging into that machine. 'login', 'gdm', and the other files in /etc/pam.d typically reference the files 'common-session', 'common-password', and so on with a '@include' line.
-Rob -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
