From owner-freebsd-questions Thu Dec 14 7:36:21 2000 From owner-freebsd-questions@FreeBSD.ORG Thu Dec 14 07:36:17 2000 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from css-1.cs.iastate.edu (css-1.cs.iastate.edu [129.186.3.24]) by hub.freebsd.org (Postfix) with ESMTP id 64FA137B400; Thu, 14 Dec 2000 07:36:17 -0800 (PST) Received: from popeye.cs.iastate.edu (ghelmer@popeye.cs.iastate.edu [129.186.3.4]) by css-1.cs.iastate.edu (8.9.0/8.9.0) with ESMTP id JAA10447; Thu, 14 Dec 2000 09:36:16 -0600 (CST) Received: from localhost (ghelmer@localhost) by popeye.cs.iastate.edu (8.9.0/8.9.0) with ESMTP id JAA29898; Thu, 14 Dec 2000 09:36:14 -0600 (CST) X-Authentication-Warning: popeye.cs.iastate.edu: ghelmer owned process doing -bs Date: Thu, 14 Dec 2000 09:36:14 -0600 (CST) From: Guy Helmer To: Alexey Dokuchaev Cc: questions@FreeBSD.ORG, stable@FreeBSD.ORG Subject: Re: How come accounting limits of login.conf still doesn't work?! In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 14 Dec 2000, Alexey Dokuchaev wrote: > On Tue, 12 Dec 2000, Guy Helmer wrote: > > > On Tue, 12 Dec 2000, Alexey Dokuchaev wrote: > > > > > There've been a nasty situation for quite a long time already with > > > various accounting limits of login.conf... > > > > > > How come that all kewl features, such as sessionlimits, idletimes, etc all > > > are documented in man login.conf(5), but never seemed to work? It's 4.2 > > > already, and it still doesn't make any difference? > > > > The problem is that no process hangs around after a login to enforce these > > limits. > > > > I have some dusty code that enforces time limits that I've been thinking > > about improving (to handle all the "kewl" features you mention) and > > bringing into (or invoking from) login(1). It would mean an extra process > > hanging around for each login, but processes are cheap :-) > > So, is your code in usable stage and available as a patch? Do you have > any plans committing into main source tree? Sorry, it is not available yet. My code was part of a dialup server that limited time online (I was a BOFH in a previous life :-). I'll have to unearth the code from an old CD and figure out how to generalize it for login.conf(5) limits. I'm thinking of making the code into a PAM module so that it would work with access methods that don't invoke login(1) (e.g., sshd). Guy Guy Helmer, Ph.D. Sr. Software Engineer, Palisade Systems --- ghelmer@palisadesys.com Research Assistant, Dept. of Computer Science --- ghelmer@cs.iastate.edu http://www.cs.iastate.edu/~ghelmer To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message