1.\" Copyright (c) 1996 David Nugent <davidn@blaze.net.au> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, is permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice immediately at the beginning of the file, without modification, 9.\" this list of conditions, and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 3. This work was done expressly for inclusion into FreeBSD. Other use 14.\" is permitted provided this notation is included. 15.\" 4. Absolutely no warranty of function or purpose is made by the author 16.\" David Nugent. 17.\" 5. Modifications may be freely made to this file providing the above 18.\" conditions are met. 19.\"
| 1.\" Copyright (c) 1996 David Nugent <davidn@blaze.net.au> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, is permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice immediately at the beginning of the file, without modification, 9.\" this list of conditions, and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 3. This work was done expressly for inclusion into FreeBSD. Other use 14.\" is permitted provided this notation is included. 15.\" 4. Absolutely no warranty of function or purpose is made by the author 16.\" David Nugent. 17.\" 5. Modifications may be freely made to this file providing the above 18.\" conditions are met. 19.\"
|
20.\" $FreeBSD: head/lib/libutil/login.conf.5 57142 2000-02-11 13:55:41Z nik $
| 20.\" $FreeBSD: head/lib/libutil/login.conf.5 57686 2000-03-02 09:14:21Z sheldonh $
|
21.\" 22.Dd November 22, 1996 23.Dt LOGIN.CONF 5 24.Os FreeBSD 25.Sh NAME 26.Nm login.conf 27.Nd login class capability database 28.Sh SYNOPSIS 29.Pa /etc/login.conf , 30.Pa ~/.login_conf 31.Sh DESCRIPTION 32.Nm login.conf 33contains various attributes and capabilities of login classes. 34A login class (an optional annotation against each record in the user 35account database, 36.Pa /etc/master.passwd ) 37determines session accounting, resource limits and user environment settings. 38It is used by various programs in the system to set up a user's login 39environment and to enforce policy, accounting and administrative restrictions. 40It also provides the means by which users are able to be 41authenticated to the system and the types of authentication available. 42.Pp 43A special record "default" in the system user class capability database 44.Pa /etc/login.conf 45is used automatically for any 46non-root user without a valid login class in 47.Pa /etc/master.passwd . 48A user with a uid of 0 without a valid login class will use the record 49"root" if it exists, or "default" if not. 50.Pp 51In FreeBSD, users may individually create a file called 52.Pa .login_conf 53in their home directory using the same format, consisting of a single 54entry with a record id of "me". 55If present, this file is used by 56.Xr login 1 57to set user-defined environment settings which override those specified 58in the system login capabilities database. 59Only a subset of login capabilities may be overridden, typically those 60which do not involve authentication, resource limits and accounting. 61.Pp 62Records in a class capabilities database consist of a number of 63colon-separated fields. 64The first entry for each record gives one or more names that a record is 65to be known by, each separated by a '|' character. 66The first name is the most common abbreviation. 67The last name given should be a long name that is more descriptive 68of the capability entry, and all others are synonyms. 69All names but the last should be in lower case and contain no blanks; 70the last name may contain upper case characters and blanks for 71readability. 72.Pp 73See 74.Xr getcap 3 75for a more in-depth description of the format of a capability database. 76.Sh CAPABILITIES 77Fields within each record in the database follow the 78.Xr getcap 3 79conventions for boolean, type string 80.Ql \&= 81and type numeric 82.Ql \&# , 83although type numeric is depreciated in favour of the string format and 84either form is accepted for a numeric datum. 85Values fall into the following categories: 86.Bl -tag -width "program" 87.It file 88Path name to a data file 89.It program 90Path name to an executable file 91.It list 92A list of values (or pairs of values) separated by commas or spaces 93.It path 94A space or comma separated list of path names, following the usual csh 95conventions (leading tilde with and without username being expanded to 96home directories etc.) 97.It number 98A numeric value, either decimal (default), hexadecimal (with leading 0x), 99or octal (with a leading 0). 100With a numeric type, only one numeric value is allowed. 101Numeric types may also be specified in string format (ie. the capability 102tag being delimited from the value by '=' instead of '#'). 103Whichever method is used, then all records in the database must use the 104same method to allow values to be correctly overridden in interpolated 105records. 106.It size 107A number which expresses a size. 108The default interpretation of a value is the number of bytes, but a 109suffix may specify alternate units: 110.Bl -tag -offset indent -compact -width xxxx 111.It b 112explicitly selects 512-byte blocks 113.It k 114selects kilobytes (1024 bytes) 115.It m 116specifies a multiplier of 1 megabyte (1048576 bytes), 117.It g 118specifies units of gigabytes, and 119.It t 120represents terabytes. 121.El 122A size value is a numeric quantity and case of the suffix is not significant. 123Concatenated values are added together. 124.It time 125A period of time, by default in seconds. 126A prefix may specify a different unit: 127.Bl -tag -offset indent -compact -width xxxx 128.It y 129indicates the number of 365 day years, 130.It w 131indicates the number of weeks, 132.It d 133the number of days, 134.It h 135the number of hours, 136.It m 137the number of minutes, and 138.It s 139the number of seconds. 140.El 141Concatenated values are added together. 142For example, 2 hours and 40 minutes may be written either as 1439600s, 160m or 2h40m. 144.El 145.Pp 146The usual convention to interpolate capability entries using the special 147.Em tc=value 148notation may be used. 149.Pp 150.Sh RESOURCE LIMITS 151.Bl -column coredumpsize indent indent 152.Sy Name Type Notes Description 153.It cputime time CPU usage limit. 154.It filesize size Maximum file size limit. 155.It datasize size Maximum data size limit. 156.It stacksize size Maximum stack size limit. 157.It coredumpsize size Maximum coredump size limit. 158.It memoryuse size Maximum of core memory use size limit. 159.It memorylocked size Maximum locked in core memory size limit. 160.It maxproc number Maximum number of processes. 161.It openfiles number Maximum number of open files per process. 162.El 163.Pp 164These resource limit entries actually specify both the maximum 165and current limits (see 166.Xr getrlimit 2 ). 167The current (soft) limit is the one normally used, although the user is permitted 168to increase the current limit to the maximum (hard) limit. 169The maximum and current limits may be specified individually by appending a 170-max or -cur to the capability name. 171.Pp 172.Sh ENVIRONMENT 173.Bl -column ignorenologin indent xbinxxusrxbin 174.Sy Name Type Notes Description 175.It charset string Set $MM_CHARSET environment variable to the specified 176value. 177.It hushlogin bool false Same as having a ~/.hushlogin file. 178.It ignorenologin bool false Login not prevented by nologin. 179.It lang string Set $LANG environment variable to the specified value. 180.It manpath path Default search path for manpages. 181.It nologin file If the file exists it will be displayed and 182the login session will be terminated. 183.It path path /bin /usr/bin Default search path. 184.It priority number Initial priority (nice) level. 185.It requirehome bool false Require a valid home directory to login. 186.It setenv list A comma-separated list of environment variables and 187values to which they are to be set. 188.It shell prog Session shell to execute rather than the
| 21.\" 22.Dd November 22, 1996 23.Dt LOGIN.CONF 5 24.Os FreeBSD 25.Sh NAME 26.Nm login.conf 27.Nd login class capability database 28.Sh SYNOPSIS 29.Pa /etc/login.conf , 30.Pa ~/.login_conf 31.Sh DESCRIPTION 32.Nm login.conf 33contains various attributes and capabilities of login classes. 34A login class (an optional annotation against each record in the user 35account database, 36.Pa /etc/master.passwd ) 37determines session accounting, resource limits and user environment settings. 38It is used by various programs in the system to set up a user's login 39environment and to enforce policy, accounting and administrative restrictions. 40It also provides the means by which users are able to be 41authenticated to the system and the types of authentication available. 42.Pp 43A special record "default" in the system user class capability database 44.Pa /etc/login.conf 45is used automatically for any 46non-root user without a valid login class in 47.Pa /etc/master.passwd . 48A user with a uid of 0 without a valid login class will use the record 49"root" if it exists, or "default" if not. 50.Pp 51In FreeBSD, users may individually create a file called 52.Pa .login_conf 53in their home directory using the same format, consisting of a single 54entry with a record id of "me". 55If present, this file is used by 56.Xr login 1 57to set user-defined environment settings which override those specified 58in the system login capabilities database. 59Only a subset of login capabilities may be overridden, typically those 60which do not involve authentication, resource limits and accounting. 61.Pp 62Records in a class capabilities database consist of a number of 63colon-separated fields. 64The first entry for each record gives one or more names that a record is 65to be known by, each separated by a '|' character. 66The first name is the most common abbreviation. 67The last name given should be a long name that is more descriptive 68of the capability entry, and all others are synonyms. 69All names but the last should be in lower case and contain no blanks; 70the last name may contain upper case characters and blanks for 71readability. 72.Pp 73See 74.Xr getcap 3 75for a more in-depth description of the format of a capability database. 76.Sh CAPABILITIES 77Fields within each record in the database follow the 78.Xr getcap 3 79conventions for boolean, type string 80.Ql \&= 81and type numeric 82.Ql \&# , 83although type numeric is depreciated in favour of the string format and 84either form is accepted for a numeric datum. 85Values fall into the following categories: 86.Bl -tag -width "program" 87.It file 88Path name to a data file 89.It program 90Path name to an executable file 91.It list 92A list of values (or pairs of values) separated by commas or spaces 93.It path 94A space or comma separated list of path names, following the usual csh 95conventions (leading tilde with and without username being expanded to 96home directories etc.) 97.It number 98A numeric value, either decimal (default), hexadecimal (with leading 0x), 99or octal (with a leading 0). 100With a numeric type, only one numeric value is allowed. 101Numeric types may also be specified in string format (ie. the capability 102tag being delimited from the value by '=' instead of '#'). 103Whichever method is used, then all records in the database must use the 104same method to allow values to be correctly overridden in interpolated 105records. 106.It size 107A number which expresses a size. 108The default interpretation of a value is the number of bytes, but a 109suffix may specify alternate units: 110.Bl -tag -offset indent -compact -width xxxx 111.It b 112explicitly selects 512-byte blocks 113.It k 114selects kilobytes (1024 bytes) 115.It m 116specifies a multiplier of 1 megabyte (1048576 bytes), 117.It g 118specifies units of gigabytes, and 119.It t 120represents terabytes. 121.El 122A size value is a numeric quantity and case of the suffix is not significant. 123Concatenated values are added together. 124.It time 125A period of time, by default in seconds. 126A prefix may specify a different unit: 127.Bl -tag -offset indent -compact -width xxxx 128.It y 129indicates the number of 365 day years, 130.It w 131indicates the number of weeks, 132.It d 133the number of days, 134.It h 135the number of hours, 136.It m 137the number of minutes, and 138.It s 139the number of seconds. 140.El 141Concatenated values are added together. 142For example, 2 hours and 40 minutes may be written either as 1439600s, 160m or 2h40m. 144.El 145.Pp 146The usual convention to interpolate capability entries using the special 147.Em tc=value 148notation may be used. 149.Pp 150.Sh RESOURCE LIMITS 151.Bl -column coredumpsize indent indent 152.Sy Name Type Notes Description 153.It cputime time CPU usage limit. 154.It filesize size Maximum file size limit. 155.It datasize size Maximum data size limit. 156.It stacksize size Maximum stack size limit. 157.It coredumpsize size Maximum coredump size limit. 158.It memoryuse size Maximum of core memory use size limit. 159.It memorylocked size Maximum locked in core memory size limit. 160.It maxproc number Maximum number of processes. 161.It openfiles number Maximum number of open files per process. 162.El 163.Pp 164These resource limit entries actually specify both the maximum 165and current limits (see 166.Xr getrlimit 2 ). 167The current (soft) limit is the one normally used, although the user is permitted 168to increase the current limit to the maximum (hard) limit. 169The maximum and current limits may be specified individually by appending a 170-max or -cur to the capability name. 171.Pp 172.Sh ENVIRONMENT 173.Bl -column ignorenologin indent xbinxxusrxbin 174.Sy Name Type Notes Description 175.It charset string Set $MM_CHARSET environment variable to the specified 176value. 177.It hushlogin bool false Same as having a ~/.hushlogin file. 178.It ignorenologin bool false Login not prevented by nologin. 179.It lang string Set $LANG environment variable to the specified value. 180.It manpath path Default search path for manpages. 181.It nologin file If the file exists it will be displayed and 182the login session will be terminated. 183.It path path /bin /usr/bin Default search path. 184.It priority number Initial priority (nice) level. 185.It requirehome bool false Require a valid home directory to login. 186.It setenv list A comma-separated list of environment variables and 187values to which they are to be set. 188.It shell prog Session shell to execute rather than the
|
189shell specified in the passwd file. The SHELL environment variable will
| 189shell specified in the passwd file. 190The SHELL environment variable will
|
190contain the shell specified in the password file. 191.It term string Default terminal type if not able to determine from 192other means. 193.It timezone string Default value of $TZ environment variable. 194.It umask number 022 Initial umask. Should always have a leading 0 to 195ensure octal interpretation. 196.It welcome file /etc/motd File containing welcome message. 197.El 198.Pp 199.Sh AUTHENTICATION 200.Bl -column minpasswordlen indent indent 201.Sy Name Type Notes Description 202.It minpasswordlen number 6 The minimum length a local password may be. 203.\" .It approve program Program to approve login. 204.It mixpasswordcase bool true Whether 205.Xr passwd 1 206will warn the user if an all lower case password is entered. 207.It copyright file File containing additional copyright information 208.\".It widepasswords bool false Use the wide password format. The wide password 209.\" format allows up to 128 significant characters in the password. 210.It host.allow list List of remote host wildcards from which users in 211the class may access. 212.It host.deny list List of remote host wildcards from which users in 213the class may not access. 214.It times.allow list List of time periods during which 215logins are allowed. 216.It times.deny list List of time periods during which logins are 217disallowed. 218.It ttys.allow list List of ttys and ttygroups which users 219in the class may use for access. 220.It ttys.deny list List of ttys and ttygroups which users 221in the class may not use for access. 222.El 223.Pp 224These fields are intended to be used by 225.Xr passwd 1 226and other programs in the login authentication system. 227.Pp 228Capabilities that set environment variables are scanned for both 229.Ql \&~ 230and 231.Ql \&$ 232characters, which are substituted for a user's home directory and name 233respectively. 234To pass these characters literally into the environment variable, escape 235the character by preceding it with a backslash '\\'. 236.Pp 237The 238.Em host.allow 239and 240.Em host.deny 241entries are comma separated lists used for checking remote access to the system, 242and consist of a list of hostnames and/or IP addresses against which remote 243network logins are checked. 244Items in these lists may contain wildcards in the form used by shell programs 245for wildcard matching (See 246.Xr fnmatch 3 247for details on the implementation). 248The check on hosts is made against both the remote system's Internet address 249and hostname (if available). 250If both lists are empty or not specified, then logins from any remote host 251are allowed. 252If host.allow contains one or more hosts, then only remote systems matching 253any of the items in that list are allowed to log in. 254If host.deny contains one or more hosts, then a login from any matching hosts 255will be disallowed. 256.Pp 257The 258.Em times.allow 259and 260.Em times.deny 261entries consist of a comma-separated list of time periods during which the users 262in a class are allowed to be logged in. 263These are expressed as one or more day codes followed by a start and end times 264expressed in 24 hour format, separated by a hyphen or dash. 265For example, MoThSa0200-1300 translates to Monday, Thursday and Saturday between 266the hours of 2 am and 1 p.m.. 267If both of these time lists are empty, users in the class are allowed access at 268any time. 269If 270.Em times.allow 271is specified, then logins are only allowed during the periods given. 272If 273.Em times.deny 274is specified, then logins are denied during the periods given, regardless of whether 275one of the periods specified in 276.Em times.allow 277applies. 278.Pp 279Note that 280.Xr login 1 281enforces only that the actual login falls within periods allowed by these entries. 282Further enforcement over the life of a session requires a separate daemon to 283monitor transitions from an allowed period to a non-allowed one. 284.Pp 285The 286.Em ttys.allow 287and 288.Em ttys.deny 289entries contain a comma-separated list of tty devices (without the /dev/ prefix) 290that a user in a class may use to access the system, and/or a list of ttygroups 291(See 292.Xr getttyent 3 293and 294.Xr ttys 5 295for information on ttygroups). 296If neither entry exists, then the choice of login device used by the user is 297unrestricted. 298If only 299.Em ttys.allow 300is specified, then the user is restricted only to ttys in the given 301group or device list. 302If only 303.Em ttys.deny 304is specified, then the user is prevented from using the specified devices or 305devices in the group. 306If both lists are given and are non-empty, the user is restricted to those 307devices allowed by ttys.allow that are not available by ttys.deny. 308.Sh ACCOUNTING LIMITS 309.Bl -column host.accounted indent indent 310.Sy Name Type Notes Description 311.It accounted bool false Enable session time accounting for all users 312in this class. 313.It autodelete time Time after expiry when account is auto-deleted. 314.It bootfull bool false Enable 'boot only if ttygroup is full' strategy 315when terminating sessions. 316.It daytime time Maximum login time per day. 317.It expireperiod time Time for expiry allocation. 318.It graceexpire time Grace days for expired account. 319.It gracetime time Additional grace login time allowed. 320.It host.accounted list List of remote host wildcards from which 321login sessions will be accounted. 322.It host.exempt list List of remote host wildcards from which 323login session accounting is exempted. 324.It idletime time Maximum idle time before logout. 325.It monthtime time Maximum login time per month. 326.It passwordtime time Used by 327.Xr passwd 1 328to set next password expiry date. 329.It refreshtime time New time allowed on account refresh. 330.It refreshperiod str How often account time is refreshed. 331.It sessiontime time Maximum login time per session. 332.It sessionlimit number Maximum number of concurrent 333login sessions on ttys in any group. 334.It ttys.accounted list List of ttys and ttygroups for which 335login accounting is active. 336.It ttys.exempt list List of ttys and ttygroups for which login accounting 337is exempt. 338.It warnexpire time Advance notice for pending account expiry. 339.It warnpassword time Advance notice for pending password expiry. 340.It warntime time Advance notice for pending out-of-time. 341.It weektime time Maximum login time per week. 342.El 343.Pp 344These fields are used by the time accounting system, which regulates, 345controls and records user login access. 346.Pp 347The 348.Em ttys.accounted 349and 350.Em ttys.exempt 351fields operate in a similar manner to 352.Em ttys.allow 353and 354.Em ttys.deny 355as explained 356above. 357Similarly with the 358.Em host.accounted 359and 360.Em host.exempt 361lists. 362.Sh SEE ALSO 363.Xr login 1 , 364.Xr getcap 3 , 365.Xr getttyent 3 , 366.Xr login_cap 3 , 367.Xr login_class 3 , 368.Xr passwd 5 , 369.Xr ttys 5
| 191contain the shell specified in the password file. 192.It term string Default terminal type if not able to determine from 193other means. 194.It timezone string Default value of $TZ environment variable. 195.It umask number 022 Initial umask. Should always have a leading 0 to 196ensure octal interpretation. 197.It welcome file /etc/motd File containing welcome message. 198.El 199.Pp 200.Sh AUTHENTICATION 201.Bl -column minpasswordlen indent indent 202.Sy Name Type Notes Description 203.It minpasswordlen number 6 The minimum length a local password may be. 204.\" .It approve program Program to approve login. 205.It mixpasswordcase bool true Whether 206.Xr passwd 1 207will warn the user if an all lower case password is entered. 208.It copyright file File containing additional copyright information 209.\".It widepasswords bool false Use the wide password format. The wide password 210.\" format allows up to 128 significant characters in the password. 211.It host.allow list List of remote host wildcards from which users in 212the class may access. 213.It host.deny list List of remote host wildcards from which users in 214the class may not access. 215.It times.allow list List of time periods during which 216logins are allowed. 217.It times.deny list List of time periods during which logins are 218disallowed. 219.It ttys.allow list List of ttys and ttygroups which users 220in the class may use for access. 221.It ttys.deny list List of ttys and ttygroups which users 222in the class may not use for access. 223.El 224.Pp 225These fields are intended to be used by 226.Xr passwd 1 227and other programs in the login authentication system. 228.Pp 229Capabilities that set environment variables are scanned for both 230.Ql \&~ 231and 232.Ql \&$ 233characters, which are substituted for a user's home directory and name 234respectively. 235To pass these characters literally into the environment variable, escape 236the character by preceding it with a backslash '\\'. 237.Pp 238The 239.Em host.allow 240and 241.Em host.deny 242entries are comma separated lists used for checking remote access to the system, 243and consist of a list of hostnames and/or IP addresses against which remote 244network logins are checked. 245Items in these lists may contain wildcards in the form used by shell programs 246for wildcard matching (See 247.Xr fnmatch 3 248for details on the implementation). 249The check on hosts is made against both the remote system's Internet address 250and hostname (if available). 251If both lists are empty or not specified, then logins from any remote host 252are allowed. 253If host.allow contains one or more hosts, then only remote systems matching 254any of the items in that list are allowed to log in. 255If host.deny contains one or more hosts, then a login from any matching hosts 256will be disallowed. 257.Pp 258The 259.Em times.allow 260and 261.Em times.deny 262entries consist of a comma-separated list of time periods during which the users 263in a class are allowed to be logged in. 264These are expressed as one or more day codes followed by a start and end times 265expressed in 24 hour format, separated by a hyphen or dash. 266For example, MoThSa0200-1300 translates to Monday, Thursday and Saturday between 267the hours of 2 am and 1 p.m.. 268If both of these time lists are empty, users in the class are allowed access at 269any time. 270If 271.Em times.allow 272is specified, then logins are only allowed during the periods given. 273If 274.Em times.deny 275is specified, then logins are denied during the periods given, regardless of whether 276one of the periods specified in 277.Em times.allow 278applies. 279.Pp 280Note that 281.Xr login 1 282enforces only that the actual login falls within periods allowed by these entries. 283Further enforcement over the life of a session requires a separate daemon to 284monitor transitions from an allowed period to a non-allowed one. 285.Pp 286The 287.Em ttys.allow 288and 289.Em ttys.deny 290entries contain a comma-separated list of tty devices (without the /dev/ prefix) 291that a user in a class may use to access the system, and/or a list of ttygroups 292(See 293.Xr getttyent 3 294and 295.Xr ttys 5 296for information on ttygroups). 297If neither entry exists, then the choice of login device used by the user is 298unrestricted. 299If only 300.Em ttys.allow 301is specified, then the user is restricted only to ttys in the given 302group or device list. 303If only 304.Em ttys.deny 305is specified, then the user is prevented from using the specified devices or 306devices in the group. 307If both lists are given and are non-empty, the user is restricted to those 308devices allowed by ttys.allow that are not available by ttys.deny. 309.Sh ACCOUNTING LIMITS 310.Bl -column host.accounted indent indent 311.Sy Name Type Notes Description 312.It accounted bool false Enable session time accounting for all users 313in this class. 314.It autodelete time Time after expiry when account is auto-deleted. 315.It bootfull bool false Enable 'boot only if ttygroup is full' strategy 316when terminating sessions. 317.It daytime time Maximum login time per day. 318.It expireperiod time Time for expiry allocation. 319.It graceexpire time Grace days for expired account. 320.It gracetime time Additional grace login time allowed. 321.It host.accounted list List of remote host wildcards from which 322login sessions will be accounted. 323.It host.exempt list List of remote host wildcards from which 324login session accounting is exempted. 325.It idletime time Maximum idle time before logout. 326.It monthtime time Maximum login time per month. 327.It passwordtime time Used by 328.Xr passwd 1 329to set next password expiry date. 330.It refreshtime time New time allowed on account refresh. 331.It refreshperiod str How often account time is refreshed. 332.It sessiontime time Maximum login time per session. 333.It sessionlimit number Maximum number of concurrent 334login sessions on ttys in any group. 335.It ttys.accounted list List of ttys and ttygroups for which 336login accounting is active. 337.It ttys.exempt list List of ttys and ttygroups for which login accounting 338is exempt. 339.It warnexpire time Advance notice for pending account expiry. 340.It warnpassword time Advance notice for pending password expiry. 341.It warntime time Advance notice for pending out-of-time. 342.It weektime time Maximum login time per week. 343.El 344.Pp 345These fields are used by the time accounting system, which regulates, 346controls and records user login access. 347.Pp 348The 349.Em ttys.accounted 350and 351.Em ttys.exempt 352fields operate in a similar manner to 353.Em ttys.allow 354and 355.Em ttys.deny 356as explained 357above. 358Similarly with the 359.Em host.accounted 360and 361.Em host.exempt 362lists. 363.Sh SEE ALSO 364.Xr login 1 , 365.Xr getcap 3 , 366.Xr getttyent 3 , 367.Xr login_cap 3 , 368.Xr login_class 3 , 369.Xr passwd 5 , 370.Xr ttys 5
|