On Mon, May 4, 2020, 23:31 Andy Pieters <systemd@xxxxxxxxxxxxxxxxx> wrote:
On Mon, 4 May 2020 at 15:51, Andy Pieters <systemd@xxxxxxxxxxxxxxxxx> wrote:

Hi

I'm trying to accomplish the following:

An event happens -> I start a systemd service in response
after RuntimeMaxSec is reached service terminates and cleans up event

Should a second event happen whilst RuntimeMaxSec is not yet reached the preference would be to reset RuntimeMaxSec of the service

Alternatively, I suppose I could shut down the service and restart it in reply to a second or third or fourth event happening.

Any suggestions here?

OK, I will give more info on what I want to do.

I have SSH login which requires 2FA. I use PAM to check if user belongs to group x
If user is in group X, normal authentication is performed
If user is not in group X, then 2F authentication is required.

That part is already working.

What I want to achieve:
a) when a user logs on using 2F authentication, add user to group x
b) after a delay remove user from group x
So this is basically for implementing sudo-like caching for 2FA?
What authentication methods are involved here?
Seems like there are better ways than a service file that permanently modifies /etc/group in the first place... Like a PAM module that literally touches a timestamp file.
That part is trivial to do with some service file, either by starting a timer, or using systemd-run or setting RuntimeMaxSec on a dummy service and using the ExecStop= to remove the user from group x.

The problem:
* every new login in between a) and b) above should restart the delay timing

_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
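
The timestamp-file approach suggested in the reply above, as an added example that is not code from anyone in this thread: each successful 2FA login refreshes a per-user stamp, and the 2FA counts as cached only while the stamp is younger than TTL, so every new login restarts the delay without touching /etc/group. STAMP_DIR, TTL and the function names are assumptions, as is GNU `stat`; a PAM hook such as pam_exec (which exports PAM_USER) would be the caller.

```shell
# Added example: sliding-window 2FA cache keyed on a per-user timestamp file.
# STAMP_DIR and TTL are assumed values; the directory must be root-owned, mode 0700,
# so that unprivileged users cannot create or refresh stamps themselves.
STAMP_DIR="${STAMP_DIR:-/run/2fa-cache}"
TTL="${TTL:-900}"   # seconds a successful 2FA login stays cached

valid_user() {
    # Refuse names that could escape STAMP_DIR (empty, leading dot, slash, odd characters).
    case "$1" in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

stamp_refresh() {
    # Call after a successful 2FA login: (re)starts the window for this user.
    valid_user "$1" || return 2
    mkdir -p -m 0700 "$STAMP_DIR" || return 2
    touch "$STAMP_DIR/$1"
}

stamp_fresh() {
    # Returns 0 while the cached 2FA is still valid, 1 if missing or expired,
    # 2 if the user name is rejected.
    valid_user "$1" || return 2
    f="$STAMP_DIR/$1"
    # Only a regular file counts; a symlink planted in the directory is ignored.
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    now=$(date +%s)
    mtime=$(stat -c %Y "$f") || return 1
    age=$((now - mtime))
    # A stamp dated in the future (clock change or tampering) is treated as expired.
    [ "$age" -ge 0 ] && [ "$age" -lt "$TTL" ]
}
```

Expiry needs no cleanup job: a stale stamp simply stops counting, and removing stale files is housekeeping only.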