PPP-Protokoll

PPP DialIn Zeitbeschraenkung pro User

Frage: Wie definiert man fuer bestimmte User Restriktionen bzgl. der Einwahlzeit und des Wochentages ?

Lösung: Man verwendet das pam_time.so Modul. Im Detail:

aktivieren der Zeitbeschraenkung in der Datei /etc/pam.d/ppp


#%PAM-1.0
auth     required       /lib/security/pam_unix.so       #set_secrpc
auth     required       /lib/security/pam_nologin.so
account  required       /lib/security/pam_unix.so
# /etc/security/time.conf
account  required       /lib/security/pam_time.so
password required       /lib/security/pam_unix.so       #strict=false
session  required       /lib/security/pam_unix.so       none # debug or trace

es wurde die Zeile "account required /lib/security/pam_time.so" eingefügt.

Definieren der erlaubten Zeiten in der Datei /etc/security/time.conf


# this is an example configuration file for the pam_time module. Its syntax
# was initially based heavily on that of the shadow package (shadow-960129).
#
# the syntax of the lines is as follows:
#
#       services;ttys;users;times
#
# white space is ignored and lines maybe extended with '\\n' (escaped
# newlines). As should be clear from reading these comments,
# text following a '#' is ignored to the end of the line.
#
# the combination of individual users/terminals etc is a logic list
# namely individual tokens that are optionally prefixed with '!' (logical
# not) and separated with '&' (logical and) and '|' (logical or).
#
# services
#       is a logic list of PAM service names that the rule applies to.
#
# ttys
#       is a logic list of terminal names that this rule applies to.
#                
# users
#       is a logic list of users to whom this rule applies.
#
# NB. For these items the simple wildcard '*' may be used only once.
#
# times
#       the format here is a logic list of day/time-range
#       entries the days are specified by a sequence of two character
#       entries, MoTuSa for example is Monday Tuesday and Saturday. Note
#       that repeated days are unset MoMo = no day, and MoWk = all weekdays
#       bar Monday. The two character combinations accepted are
#
#               Mo Tu We Th Fr Sa Su Wk Wd Al
#
#       the last two being week-end days and all 7 days of the week
#       respectively. As a final example, AlFr means all days except Friday.
#
#       each day/time-range can be prefixed with a '!' to indicate "anything
#       but"
#                
#       The time-range part is two 24-hour times HHMM separated by a hyphen
#       indicating the start and finish time (if the finish time is smaller
#       than the start time it is deemed to apply on the following day).
#
# for a rule to be active, ALL of service+ttys+users must be satisfied
# by the applying process.
#

#
# Here is a simple example: running blank on tty* (any ttyXXX device),
# the users 'you' and 'me' are denied service all of the time
#

#blank;tty* & !ttyp*;you|me;!Al0000-2400

# Another silly example, user 'root' is denied xsh access
# from pseudo terminals at the weekend and on mondays.

#xsh;ttyp*;root;!WdMo0000-2400

#
# End of example file.
#

Informatik- und Netzwerkverein Ravensburg e.V Walter Jäger