https://github.com/cpulvermacher/pam-login-interval

A PAM module to enforce a minimum time between logins
https://github.com/cpulvermacher/pam-login-interval

pam pam-module productivity

Last synced: over 1 year ago
JSON representation

A PAM module to enforce a minimum time between logins

• Host: GitHub
• URL: https://github.com/cpulvermacher/pam-login-interval
• Owner: cpulvermacher
• License: mit
• Created: 2024-01-07T04:07:34.000Z (over 2 years ago)
• Default Branch: master
• Last Pushed: 2024-05-28T16:07:19.000Z (about 2 years ago)
• Last Synced: 2024-05-29T07:05:59.563Z (about 2 years ago)
• Topics: pam, pam-module, productivity
• Language: C
• Homepage:
• Size: 23.4 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: Readme.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# pam-login-interval

[![Status](https://flat.badgen.net/github/checks/cpulvermacher/pam-login-interval)](https://github.com/cpulvermacher/pam-login-interval/actions/workflows/ci.yml)

A PAM module that enforces a minimum time between logins.

## Prerequisites

gcc, make, and PAM development libraries are required.

For Debian/Ubuntu-based systems:

```

sudo apt install gcc make libpam0g-dev

```

## Installation

Build and install the module via:

```

make

sudo make install

```

Add the following to your PAM config, e.g. to /etc/pam.d/lightdm to use this module with LightDM logins:

```

   account required pam_login_interval.so target_user=your_user_name min_interval=30m

```

change the `target_user` and `min_interval` arguments as required.

If there is a successful authentication for the configured user before the configured `min_interval` time has passed, the login will be rejected.

If supported by the login UI / display manager, it will show a message like "Login denied (need to wait ... before next login)".

## Module Parameters

You should specify the following parameters in the PAM configuration:

### `target_user`

The user to limit logins for. For any other users, this module will not interfere with logins. If not specified, the `min_interval` setting will be applied to all users!

### `min_interval` (required)

The minimum duration since the user's last login. This can be a number in seconds, or a duration in the form `1d2h3m4s` or `30m`. If a login is attempted before this time has elapsed, the login will be rejected.

## References

- The Linux-PAM Module Writers' Guide -  https://fossies.org/linux/Linux-PAM-docs/doc/mwg/Linux-PAM_MWG.pdf

- pam-google-auth - https://github.com/google/google-authenticator-libpam/blob/master/src/pam_google_authenticator.c

- How to C (in 2016) - https://matt.sh/howto-c