lightdm and pam authentication (pam_time)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lightdm (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
in previos version of With Ubuntu Linux, it is possible to assign to your computer time restrictions, to prevent the connection of one or more users to your system. With the time restrictions, you can, for example, limit access to the computer for your children (a kind of parental control, in short), or even protect the connection to your server during certain hours.
I use PAM (Pluggable Authentication Modules). It allows you to control user authentication when they connect. Then, we will use the security configuration files to define logon hours allowed. Enable Restrictions hours via the PAM Module
First of all, first go to the /etc/pam.d/, where is all configurable services: This is available by default in the kernel of linux...
If we want to block the connection to the computer, we will have to change the gdm service. Edit the file so gdm and add this line of code (at the end of file):
account required pam_time.so
GDM is the login screen distributions in Ubuntu but in 11.10 this change to Lighdm and i can't get this work again....
I tested this parameter in the follow files :
/etc/pam.d/lightdm and also /etc/pamd.
without success .....
I also notice that that som pam parameters change like
auth, session
How i can get this solution available again ??????
regads.,
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: lightdm 1.0.1-0ubuntu6
ProcVersionSign
Uname: Linux 3.0.0-12-generic i686
ApportVersion: 1.23-0ubuntu3
Architecture: i386
Date: Sun Oct 23 13:54:32 2011
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release i386 (20111012)
ProcEnviron:
PATH=(custom, no user)
LANG=es_ES.UTF-8
SHELL=/bin/bash
SourcePackage: lightdm
UpgradeStatus: No upgrade log present (probably fresh install)
security vulnerability: | yes → no |
visibility: | private → public |
I managed to get this to work by editing both /etc/pam.d/lightdm and lightdm-autologin and adding:
account requisite pam_time.so
after the @include common-account line. Also edited /etc/pam.d/login and uncommented the pam_time.so line.
After that, I added a line to /etc/security/ time.conf and added a line similar to:
login|lightdm* ;*;username; !Al1400- 1500
to deny login on all ttys and from lightdm for username between 2 and 3 pm. Works with lightdm- gtk-greeter, although strangely instead of saying 'Permissiong denied' it complains about an invalid password.