You might be interested in configuring Dynamic Access lists, along with specifying a Time-range parameter for the access-list, so that the user is authenticated only during the specified time-range.
Check this link for configuring Dynamic Access-lists
http://www.cisco.com/warp/public/69/13.html
Set the clock properly on the router/switch, or try using NTP.
Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus