1.\"
| 1.\"
|
2.\" $FreeBSD: head/lib/libpam/modules/pam_login_access/login.access.5 131479 2004-07-02 19:55:26Z ru $
| 2.\" $FreeBSD: head/lib/libpam/modules/pam_login_access/login.access.5 131504 2004-07-02 23:52:20Z ru $
|
3.\"
4.\" this is comment
5.Dd April 30, 1994
6.Dt LOGIN.ACCESS 5
7.Os
8.Sh NAME
9.Nm login.access
10.Nd login access control table
11.Sh DESCRIPTION
12The
13.Nm
14file specifies (user, host) combinations and/or (user, tty)
15combinations for which a login will be either accepted or refused.
16.Pp
17When someone logs in, the
18.Nm
19is scanned for the first entry that
20matches the (user, host) combination, or, in case of non-networked
| 3.\"
4.\" this is comment
5.Dd April 30, 1994
6.Dt LOGIN.ACCESS 5
7.Os
8.Sh NAME
9.Nm login.access
10.Nd login access control table
11.Sh DESCRIPTION
12The
13.Nm
14file specifies (user, host) combinations and/or (user, tty)
15combinations for which a login will be either accepted or refused.
16.Pp
17When someone logs in, the
18.Nm
19is scanned for the first entry that
20matches the (user, host) combination, or, in case of non-networked
|
21logins, the first entry that matches the (user, tty) combination. The
| 21logins, the first entry that matches the (user, tty) combination.
22The
|
22permissions field of that table entry determines whether the login will
23be accepted or refused.
24.Pp
25Each line of the login access control table has three fields separated by a
26.Ql \&:
27character:
28.Ar permission : Ns Ar users : Ns Ar origins
29.Pp
30The first field should be a "+" (access granted) or "-" (access denied)
31character.
32The second field should be a list of one or more login names,
| 23permissions field of that table entry determines whether the login will
24be accepted or refused.
25.Pp
26Each line of the login access control table has three fields separated by a
27.Ql \&:
28character:
29.Ar permission : Ns Ar users : Ns Ar origins
30.Pp
31The first field should be a "+" (access granted) or "-" (access denied)
32character.
33The second field should be a list of one or more login names,
|
33group names, or ALL (always matches). The third field should be a list
| 34group names, or ALL (always matches).
35The third field should be a list
|
34of one or more tty names (for non-networked logins), host names, domain
35names (begin with "."), host addresses, internet network numbers (end
36with "."), ALL (always matches) or LOCAL (matches any string that does
| 36of one or more tty names (for non-networked logins), host names, domain
37names (begin with "."), host addresses, internet network numbers (end
38with "."), ALL (always matches) or LOCAL (matches any string that does
|
37not contain a "." character). If you run NIS you can use @netgroupname
| 39not contain a "." character).
40If you run NIS you can use @netgroupname
|
38in host or user patterns.
39.Pp
40The EXCEPT operator makes it possible to write very compact rules.
41.Pp
42The group file is searched only when a name does not match that of the
43logged-in user.
44Only groups are matched in which users are explicitly
45listed: the program does not look at a user's primary group id value.
--- 13 unchanged lines hidden --- | 41in host or user patterns.
42.Pp
43The EXCEPT operator makes it possible to write very compact rules.
44.Pp
45The group file is searched only when a name does not match that of the
46logged-in user.
47Only groups are matched in which users are explicitly
48listed: the program does not look at a user's primary group id value.
--- 13 unchanged lines hidden --- |