Written by J. Moellenkamp on
Reading time: 1 minute
SolarisEnglish
Solaris 11.2: Time based access limitations
Let’s assume you want to limit ssh login for user junior to a certain timespan, let’s say weekdays between 13:10 and 17:00. With Solaris 11.2 it’s really easy to limit access to certain services based on times.
To enforce this, you can set access_time for certain PAM services for the use junior like this. The limitation is done by the pam_unix_account.so module and the man page states :
Validate that the user is permitted to access the PAM service at the current time and day of the week.
You will see pam_unix_account doing its job later on.
I will simply limit all PAM services that are used by ssh. Log into your server as root:
Let’s try to log in before 13:10.
Access is denied. Now get some coffee, talk with your colleagues and get back to the shell after 13:10, let’s say at 13:12.