modules/pam_login_access/login.access.5

    login.access.5 revision 50477

 $FreeBSD: head/lib/libpam/modules/pam_login_access/login.access.5 50477 1999-08-28 01:08:13Z peter $

 this is comment
.Dd April 30, 1994
.Dt LOGIN.ACCESS 5
.Os FreeBSD 1.2
.Sh NAME
.Nm login.access
.Nd login access control table
.Sh DESCRIPTION
The
.Nm
file specifies (user, host) combinations and/or (user, tty)
combinations for which a login will be either accepted or refused.
p
When someone logs in, the
.Nm
is scanned for the first entry that
matches the (user, host) combination, or, in case of non-networked
logins, the first entry that matches the (user, tty) combination. The
permissions field of that table entry determines whether the login will
be accepted or refused.
p
Each line of the login access control table has three fields separated by a
":" character: permission : users : origins
p
The first field should be a "+" (access granted) or "-" (access denied)
character. The second field should be a list of one or more login names,
group names, or ALL (always matches). The third field should be a list
of one or more tty names (for non-networked logins), host names, domain
names (begin with "."), host addresses, internet network numbers (end
with "."), ALL (always matches) or LOCAL (matches any string that does
not contain a "." character). If you run NIS you can use @netgroupname
in host or user patterns.
p
The EXCEPT operator makes it possible to write very compact rules.
p
The group file is searched only when a name does not match that of the
logged-in user. Only groups are matched in which users are explicitly
listed: the program does not look at a user's primary group id value.
.Sh FILES
l -tag -width /etc/login.access -compact t Pa /etc/login.access The
.Nm
file resides in
a /etc .
.El
.Sh SEE ALSO
.Xr login 1 ,
.Xr pam 8
.Sh AUTHORS
.An Guido van Rooij