Time-based Access Control

Post by yong » Sat, 14 Nov 1998 04:00:00



I am seeking ways to implement time-based access control over NIS+.

As I am developing a program for a booking system to be used in the
laboratories, I need to have some form of access control on the system
so that the students would seriously use the booking system to book the
laboratory resources.  Unlike Windows NT, SUN Solaris' NIS+ does not
have the functionality of time-based access control.

The system administrators are unlikely to allow me to meddle with NIS+ for
this case too.  Without touching the NIS+ API, could I possibly build such
a program?

Of course, it should be transparent to the users.  I don't attempt to
create a gadget in their initialization files as it could be subject to
tampering, although it's simple.

Thank you for reading my query.

rgds
yewho

Post by Richard L. Hamilt » Sun, 15 Nov 1998 04:00:00


On 2.6 or later, there's PAM (Pluggable Authentication Modules),
a framework for adding or replacing authentication services.  It
shouldn't be too difficult to create a PAM module that consults a file
(or a new NIS+ table, if you like) that lists all those users who
are restricted to logging in only between certain hours.  Problem is,
that in itself won't log them off when they exceed their time window,
although you could probably create a daemon to do that too.

If their shell is rksh (restricted ksh), and they're sitting on ttys
(not using XDM or dtlogin, anyway), you could set TMOUT to kick 'em
out after a certain amount of inactive time.



> I am seeking ways to implement time-based access control over NIS+.

> As I am developing a program for a booking system to be used in the
> laboratories, I need to have some form of access control on the system
> so that the students would seriously use the booking system to book the
> laboratory resources.  Unlike Windows NT, SUN Solaris' NIS+ does not
> have the functionality of time-based access control.

> The system administrators are unlikely to allow me to meddle with NIS+ for
> this case too.  Without touching the NIS+ API, could I possibly build such
> a program?

> Of course, it should be transparent to the users.  I don't attempt to
> create a gadget in their initialization files as it could be subject to
> tampering, although it's simple.

> Thank you for reading my query.

> rgds
> yewho

--
ftp> get |fortune
377 I/O error: smart remark generator failed

Bogonics: the primary language inside the Beltway
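
As an added illustration (not part of the original thread, and not code from Sun or any existing PAM module), this is the hour-window check that a PAM account module or a log-off daemon of the kind described above could run, written in C. The `user:HHMM-HHMM` file format, the function names and the sample policy are assumptions; users not listed are unrestricted, matching the post's idea of a file that lists only the restricted users.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample policy; the "user:HHMM-HHMM" format is an assumption. */
static const char SAMPLE_POLICY[] =
    "alice:0900-1200\n"
    "alice:1400-1600\n"
    "bob:2200-0600\n"      /* window wraps past midnight */
    "carol:9am-5pm\n";     /* malformed: carol is denied (fail closed) */

/* Parse "HHMM" into minutes since midnight, or -1 if malformed. */
static int parse_hhmm(const char *s) {
    for (int i = 0; i < 4; i++)
        if (s[i] < '0' || s[i] > '9') return -1;
    int h = (s[0] - '0') * 10 + (s[1] - '0');
    int m = (s[2] - '0') * 10 + (s[3] - '0');
    return (h > 23 || m > 59) ? -1 : h * 60 + m;
}

/* 1 if now lies in [start, end); start > end means the window wraps. */
static int in_window(int start, int end, int now) {
    if (start < end) return now >= start && now < end;
    if (start > end) return now >= start || now < end;
    return 0; /* empty window */
}

/* 1 = allowed, 0 = denied. Users absent from the policy are unrestricted;
 * a listed user needs at least one well-formed window containing now_min. */
int login_allowed(const char *policy, const char *user, int now_min) {
    size_t ulen = strlen(user);
    int listed = 0;
    for (const char *p = policy; *p; ) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > ulen && strncmp(p, user, ulen) == 0 && p[ulen] == ':') {
            listed = 1;
            if (len == ulen + 10 && p[ulen + 5] == '-') {
                int s = parse_hhmm(p + ulen + 1), e = parse_hhmm(p + ulen + 6);
                if (s >= 0 && e >= 0 && in_window(s, e, now_min)) return 1;
            }
        }
        p += len + (eol ? 1 : 0);
    }
    return !listed;
}

int main(void) {
    printf("alice 10:30 -> %d\n", login_allowed(SAMPLE_POLICY, "alice", 630));
    printf("bob   23:15 -> %d\n", login_allowed(SAMPLE_POLICY, "bob", 1395));
}
```

A module would call `login_allowed` once at login; a daemon would call it periodically for each logged-in user, which is what closes the gap of sessions that outlive their window.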



Post by expres » Tue, 17 Nov 1998 04:00:00


Thank you, Martin.
I will look into that area for my work.

rgds
yewho


> Hi, have a look at SSMI from SUN (or BOKS from Security Dynamics -
> essentially the same thing). This does all that you want plus more...

> Martin Hepworth



> > On 2.6 or later, there's PAM (Pluggable Authentication Modules),
> > a framework for adding or replacing authentication services.  It
> > shouldn't be too difficult to create a PAM module that consults a file
> > (or a new NIS+ table, if you like) that lists all those users who
> > are restricted to logging in only between certain hours.  Problem is,
> > that in itself won't log them off when they exceed their time window,
> > although you could probably create a daemon to do that too.

> > If their shell is rksh (restricted ksh), and they're sitting on ttys
> > (not using XDM or dtlogin, anyway), you could set TMOUT to kick 'em
> > out after a certain amount of inactive time.

 
 
 

1. Controlling system access based on time?

In the login.conf man page, it is indicated that login enforces only that
the actual login falls within the times.allow and times.deny periods. It
continues to state that enforcement over the life of a session requires a
separate daemon to monitor transitions from an allowed period to a
non-allowed one.

Would someone provide the daemon name required to perform the monitoring, or
utility which monitors and disconnects a session which is operating out of
its acceptable hours?

Cordially,

Simplified Technology Company  http://www.stcinc.com

In God I trust!
