# Time.conf, pam_time.so, and K.D.E. 5/kscreenlocker

## keet

I enabled the pam_time.so module in /etc/pam.d and configured the access times in /etc/security/time.conf.  It works for the most part; the users cannot log in except when I specify.  However, if they have a locked K.D.E. 5 session, they can unlock it even during the unrestricted times.  I tried adding the 'account required pam_time.so' to /etc/pam.d/kde and kde-np (as well as various other files in that directory), but it didn't work; the users can still unlock their accounts during restricted times.

I know that I could simply terminate processes at the beginning of the restricted times, but I would rather make pam_time.so work properly.  Does anyone here know how to make this work?

----------

## gerdesj

 *keet wrote:*   

> I enabled the pam_time.so module in /etc/pam.d and configured the access times in /etc/security/time.conf.  It works for the most part; the users cannot log in except when I specify.  However, if they have a locked K.D.E. 5 session, they can unlock it even during the unrestricted times.  I tried adding the 'account required pam_time.so' to /etc/pam.d/kde and kde-np (as well as various other files in that directory), but it didn't work; the users can still unlock their accounts during restricted times.
> 
> I know that I could simply terminate processes at the beginning of the restricted times, but I would rather make pam_time.so work properly.  Does anyone here know how to make this work?

 

What exactly are you trying to achieve with this?  Describe it in English, rather than nerd-ese, that will make it easier to help out.  eg "Our workstations should only be used between x and y by end users (group membership description).  Access is via ssh and SDDM only. The "admin group" should be allowed access at all times.  We don't/do care if work is lost by forcefully logging someone out" etc etc

Cheers

Jon

----------

