Thanks very much for your comments. I have a question about your comment. Please read below. Michael Tokarev wrote: >Junyoung Heo wrote: > >>Dear pam-list members. >> >>We(3 developers) have plan to develop additional functionalities about 'acount'. >>Please read and comment about it. >> >>- account expire date : disable account after some days. >>- account inactive date : disable account if account is not used for some days. >>- account suspend/resume date : disable account until suspend date and resume it after resume date. >>We want to add above 3 functionalities on pam_time modules. >>How about your thought? >> > >But this functionality already exists in pam_unix/pam_pwdb, >based on corresponding fields in shadow (or nss equivalent). >And why add this to pam_time that has no access to user's >password attributes, whatether them are? > I knew 'account expire date' exists in shadow format and pam_unix/pam_pwdb perform it. But, I cannot find other 2 features in pam modules. I thought 'account expire date' is not proper in 'shadow' because 'shadow' is dedicated to 'password'. Also, thought these things are appropriate for pam_time because it is intended to account/time. Please, let me know how/what supports these things. If all already exist, I'll not make it. >>- max login : limit maximum logins. >>- max session : limit maximum sessions. >>These are made in new modules. >> > >Seems very similar with each other. It looks >like a good idea, but should here be some relation >with that same pam_time module? I.e. at weekends, >allow max 20 sessions, but on workdays, only one. >Like extending pam_time's session "boolean" to >session "number" (allowing not only 1/0 as a limit)? > Thanks for your idea. I'll condier it. > > >[] >Regards, > Michael. > > > >_______________________________________________ > >Pam-list@redhat.com <mailto:Pam-list@redhat.com> >https://listman.redhat.com/mailman/listinfo/pam-list >
