[CentOS] pam_time.so and /etc/security/time.conf

Mon Dec 6 21:51:45 UTC 2010
James B. Byrne <byrnejb at harte-lyne.ca>

I have done a bit of experimenting and I am confused respecting the
evident behaviour of this module.

If I do this:

sshd;*;*;Wk0700-1500

Then all user ids fail to log in (at the present time).  However, if
I add this:

sshd;*;user01;Al0000-24000
sshd:*:*:Wk0700-1500

Then I get the same result for user01. If I do this instead:

sshd:*:*:Wk0700-1500
sshd;*;user01;Al0000-24000

Then I also get the same result for user01; Forced disconnection.

The inference I draw is that the time.conf file is processed until
either a failure or the end of the file is encountered, which then
counts as a success. Is this right?  The manual pages and examples
give no hint that this is what happens.  They state in fact that
sshd;*;user01;Al0000-24000 should always let user01 login. And that
clearly does not happen.

Is there something that I am doing wrong here?



-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3