From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id BD0CF198005 for ; Wed, 20 Mar 2013 14:22:38 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 5D9AAE06F7; Wed, 20 Mar 2013 14:22:29 +0000 (UTC) Received: from mail-ia0-f170.google.com (mail-ia0-f170.google.com [209.85.210.170]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 066BBE064B for ; Wed, 20 Mar 2013 14:22:27 +0000 (UTC) Received: by mail-ia0-f170.google.com with SMTP id h8so1462943iaa.29 for ; Wed, 20 Mar 2013 07:22:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type; bh=qLvYTxTMHtCS4HdtKs3qoIAgt6Pxm4aG3SUbSgYaUgk=; b=zOmQbNkzjjxCd8Itp9Gl7ipO/B9POjNjWUfIriv85zTxSKb0kWNk8rSlg+eY5xBtDr 3XCZRwuh2K0RcslsQ9C7A5b9kPY3NEf7l3/yStoTLNDMg3GBKb0nNsh7R+bbx4jNUzlh jxHe4XRMHaT/vQXz3rc9KNfF4wbIJ+2pW/TN+J7qi7GMdchiFgg/maLw4npQ7m/XWPZX GsL3VF4NdcvHakLdkHzN61BKHs0Ad80I7XMEss7JdW46CLYdSbtb2cHiLt0Gws3Jn+6F 8HeL2sv6SuyjNXLfMpXKRtk4rs2lfm5CjGqHdOYeUXp0LMG9YqByLvBWKN3syENo1/89 i7Gw== X-Received: by 10.50.194.164 with SMTP id hx4mr1689861igc.35.1363789347168; Wed, 20 Mar 2013 07:22:27 -0700 (PDT) Received: from ?IPv6:2001:470:c5b9:beef:4eed:deff:fe93:63a0? ([2001:470:c5b9:beef:4eed:deff:fe93:63a0]) by mx.google.com with ESMTPS id g6sm5220682ign.4.2013.03.20.07.22.26 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 20 Mar 2013 07:22:26 -0700 (PDT) Message-ID: <5149C61E.4030701@gmail.com> Date: Wed, 20 Mar 2013 10:22:22 -0400 From: Michael Mol User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130222 Thunderbird/17.0.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] OT: parental control software References: <20130320110400.167059b5@hactar.digimed.co.uk> In-Reply-To: <20130320110400.167059b5@hactar.digimed.co.uk> X-Enigmail-Version: 1.5 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="----enig2AUPDLNRXCXSSWOUTOQUH" X-Archives-Salt: 489dfa1f-46b6-4ed7-87c3-f7c9ebfa9138 X-Archives-Hash: 813a1fc25f9d33c64379df13ce5e57c9 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) ------enig2AUPDLNRXCXSSWOUTOQUH Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 03/20/2013 07:04 AM, Neil Bothwick wrote: > I'm looking for software that can be used to control a child's usage of= > the computer (not Internet filtering). At the very least it should be > able to control length of login sessions and when the child is able to > login. Ideally it would also be able to control access to programs, for= > example education programs can be used for a couple of hours but games > for only 30 mins at a time (net control software can be used to deal wi= th > online versions). There are other situations where this sort of thing i= s > useful, so it need not necessarily be a package aimed specifically at > parental controls. >=20 > Timekpr looks the ideal candidate, except it hasn't had a release in > over three years. >=20 > Any suggestions? I've been studying Kerberos a great deal lately, and so that's naturally where my mind went when I read this. Take the practicality of the idea with a grain of salt. I also make no claims to know exactly how to implement this for programs not already inherently kerberized. You might use Kerberos to enforce access limits by associating services with each thing you wish to control, giving the auth tickets a short rollover period, and refusing to regrant after a ticket has been rolled over enough times in one day. That easily covers the question of "when the child is able to log in", and could also work for "enforce the length of login sessions" if you're able to use a thin client model, or put the user's profile on a kerberized samba or nfs server. I don't know what mechanisms are available to force clean shutdowns of user sessions, though; anything I can think of risks data loss if apps haven't committed all open data to storage yet. ------enig2AUPDLNRXCXSSWOUTOQUH Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJRScYhAAoJED5TcEBdxYwQOLQH/R2Tg4HVMiyUadjRMCr9up8I Zfym789NscDM+XUd5HhIb82iaW+iR/cnhOwCDmZpIhHehOjeQjQjzDKLbYY9mYiT rhM+VX555QOEn0tC3xc+aBr97DkUTw/UQv5pw2WqnWc1M3DispiD9gfkUxAHtosP XAcfbkXnA0bP/w4jKO7d6/bSru/HbqEBPetQ11kGD5Kc/vopZwMjWv+xFkhp9sWS /VTj78Zg9AL3f1f1KYrV9vh6Jsn20jn1l5dXF3/LGMQQe8oP9HOHBjNkOTArYktS p5h1ViQmvDXVCMe2rkQjyWt5WFIn4MNPWPEJTODXen8sCIJ1Z6U2C9nBGtzP4E4= =mtq3 -----END PGP SIGNATURE----- ------enig2AUPDLNRXCXSSWOUTOQUH--