Lars Hansson wrote:
> On Wednesday 10 May 2006 05:17, Paul Moore wrote:
>
>> How would that work if they were logged in before the /etc/nologin
>> takes effect? Would it disconnect them or is it still a valid connection
>> until the next login?
>>
>
> Ooops. Well, it was quick and dirty. You'd have to figure out a way to kill
> logged in users too.
>
> ---
> Lars Hansson
>

I have a similar idea, but it looks more complicated. There are some special reasons that make the problem more difficult. First, we need to use a one-time-password/login access. Passwords must be generated first. If anyone's time has expired, his session must be terminated, and his password/UID combination could never be used again.

In the PF FAQ I've found that: "Authpf logs the username and IP address of each user who authenticates successfully as well as the start and end times of their login session via syslogd(8). By using this information, an administrator can determine who was logged in when and also make users accountable for their network traffic."

My idea: write a little shell script and put it into the crontab. Every minute the script checks authpf sessions and compares their start login time with the system's time. If the required time limit (i.e. 1 hour) has expired, it sends a SIGTERM to the user's session and writes the UID into the /etc/authpf/banned/ directory.

I think it might be a solution... Does anyone have another suggestion or idea?
Peter Vas
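
The cron job proposed in the message above could look like the following sketch, which is an added example and not code from the thread. It assumes each session is a file under /var/authpf whose first line is the authpf PID, whose second line is the user name, and whose modification time is the login time; the variable names and the choice to name the ban file after the user name are this example's own.

```shell
#!/bin/sh
# Added example: expire authpf sessions older than a time limit.
# Assumptions (not from the original post): each file in SESSION_DIR
# holds the authpf PID on line 1 and the user name on line 2, and its
# mtime is the login time. All three settings can be overridden.
SESSION_DIR="${SESSION_DIR:-/var/authpf}"
BAN_DIR="${BAN_DIR:-/etc/authpf/banned}"
LIMIT_MIN="${LIMIT_MIN:-60}"

# expire_sessions: ban the user of every session older than LIMIT_MIN
# minutes and send SIGTERM to its process. Prints one line per session.
expire_sessions() {
    find "$SESSION_DIR" -type f -mmin "+$LIMIT_MIN" |
    while IFS= read -r f; do
        pid= user=
        { IFS= read -r pid; IFS= read -r user; } < "$f" || :
        # Only a purely numeric PID may ever be passed to kill.
        case "$pid" in ''|*[!0-9]*) continue ;; esac
        # The user name becomes a file name: reject path tricks.
        case "$user" in ''|.*|*[!A-Za-z0-9._-]*) continue ;; esac
        # Ban first, so there is no window to log in again after the kill.
        printf 'Your one-time login has expired.\n' > "$BAN_DIR/$user"
        kill -TERM "$pid" 2>/dev/null
        echo "expired: user=$user pid=$pid session=${f##*/}"
    done
}

# Run from a per-minute crontab entry with the single argument "run".
if [ "${1:-}" = "run" ]; then
    expire_sessions
fi
```

Because the PID is read from a file, a stale session file could name a PID that has since been reused by another process; checking that the PID still belongs to an authpf process before signalling it closes that gap.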
