logintime module implements support for some date related attributes.
Login-Time attribute defines the time span during which a user
may login to the system. The format of a so-called time string is
similar to the format used by UUCP. A time string may be a simple
time string, or it may be a list of simple time strings separated by "|" or ",".
Each simple time string must begin with a day definition, which can be either one day, multiple days, or a range of days separated by a hyphen. A day is defined as either Mo, Tu, We, Th, Fr, Sa, or Su. The range of days encompassing Mo-Fr is defined as Wk. "Any" or "Al" means all days.
The day definition is followed by a range of hours in
For example, a valid
Login-Time string is
Current-Time attribute always contains the time at which the
request was received. The format is a normal
Time-of-Day attribute can be used to check the time of day when
a request is received.
When listed in the
authorize section, the
Login-Time attribute. When the
Login-Time has a
limited range of validity, the
Session-Timeout attribute is updated
to reflect this limited range.
Session-Timeout attribute already exists, then the
module may decrease the value, but will never increase the value, of this attribute.
- Return codes
noopThe module did not find a
okThere are no restrictions on the users login.
userlockThe user is outside of the allowed
updatedThe user is within the allowed
Login-Time, and the
reply:Session-Timeoutattribute has been updated to reflect their allowed session duration.
Operates identically to the authorize section.
Available after version 3.0.4
minimum-timeout = integer
The minimum timeout (in seconds) for a user session. If the calculated timeout is lower than this value, then the user is rejected.
Many NASes are unable to enforce a
Session-Timeoutthat is smaller than 60 seconds.