I am investigating how to limit user logins via sshd to specific times of day. I have the basic syntax but what I want to know is how does pam_time.so process time.conf. Say I have a clutch of users that should login between 07:00 and 18:00 Monday to Friday. I infer that the following will handle that: sshd;*;*,Wk0700-1800 However, what is not clear to me is how does one permit certain userids additional login periods while handling the majority of users as above. Say user01 should also be allowed to logon during Saturday mornings Sa0800-1200 and early evenings the rest of the week wk1830-2100 Do I do this? sshd:*;user01;AL1830-2100&Wk0700-1800&Sa0800-1200 sshd:*:*:Al1830-2100 or will this work? sshd:*:user01:Sa0800-1200 sshd:*:user01:Wk1830-2100 sshd:*:*:Al0700-1800 or will this? sshd:*:*:Al0700-1800 sshd:*:user01:Wk1830-2100 sshd:*:user01:Sa0800-1200 What I am trying to understand is whether the first result encountered, either success or failure, is what is applied to a given login attempt. Or, does the stack progress until success or it ends in which case it fails? Recasting my question: Is it meaningful to have multiple entries for a singe userid, whether explicitly given or as part of a wildcard, contained in time.conf? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3