|
NAMElogin.access —
login access control table
SYNOPSIS/etc/login.accessDESCRIPTIONThelogin.access file specifies (user, host)
combinations and/or (user, tty) combinations for which a login will be either
accepted or refused.
When someone logs in, the Each line of the login access control table has three fields
separated by a ‘ The first field should be a "+" (access granted) or "-" (access denied) character. The second field should be a list of one or more login names, group names, or ALL (always matches). Group names must be enclosed in parentheses if the pam module specification for pam_login_access specifies the nodefgroup option. Otherwise, group names will only match if no usernames match. The third field should be a list of one or more tty names (for non-networked logins), host names, domain names (begin with "."), host addresses, internet network numbers (end with "."), ALL (always matches) or LOCAL (matches any string that does not contain a "." character). If you run NIS you can use @netgroupname in host or user patterns. The EXCEPT operator makes it possible to write very compact rules. The group file is searched only when a name does not match that of the logged-in user. Only groups are matched in which users are explicitly listed: the program does not look at a user's primary group id value. FILES
SEE ALSOlogin(1), pam_login_access(8)AUTHORSGuido van Rooij
Visit the GSP FreeBSD Man Page Interface. |