freebsd-dev/lib/libpam/modules/pam_login_access/login.access.5

57 lines
1.7 KiB
Groff
Raw Normal View History

.\"
1999-08-28 01:08:13 +00:00
.\" $FreeBSD$
.\"
.\" this is comment
.Dd April 30, 1994
.Dt LOGIN.ACCESS 5
.Os
.Sh NAME
.Nm login.access
.Nd login access control table
.Sh DESCRIPTION
The
.Nm
2001-07-15 08:06:20 +00:00
file specifies (user, host) combinations and/or (user, tty)
combinations for which a login will be either accepted or refused.
.Pp
2001-07-15 08:06:20 +00:00
When someone logs in, the
.Nm
is scanned for the first entry that
matches the (user, host) combination, or, in case of non-networked
logins, the first entry that matches the (user, tty) combination. The
2001-07-15 08:06:20 +00:00
permissions field of that table entry determines whether the login will
be accepted or refused.
.Pp
Each line of the login access control table has three fields separated by a
":" character: permission : users : origins
.Pp
The first field should be a "+" (access granted) or "-" (access denied)
character.
The second field should be a list of one or more login names,
group names, or ALL (always matches). The third field should be a list
of one or more tty names (for non-networked logins), host names, domain
names (begin with "."), host addresses, internet network numbers (end
with "."), ALL (always matches) or LOCAL (matches any string that does
not contain a "." character). If you run NIS you can use @netgroupname
in host or user patterns.
.Pp
The EXCEPT operator makes it possible to write very compact rules.
.Pp
The group file is searched only when a name does not match that of the
logged-in user.
Only groups are matched in which users are explicitly
listed: the program does not look at a user's primary group id value.
.Sh FILES
.Bl -tag -width /etc/login.access -compact
.It Pa /etc/login.access
The
.Nm
file resides in
.Pa /etc .
.El
.Sh SEE ALSO
.Xr login 1 ,
.Xr pam 8
.Sh AUTHORS
.An Guido van Rooij