1.\" $Id$ 2.\" 3.Dd March 21, 2003 4.Dt LOGIN.ACCESS 5 5.Os HEIMDAL 6.Sh NAME 7.Nm login.access 8.Nd login access control table 9.Sh DESCRIPTION 10The 11.Nm login.access 12file specifies on which ttys or from which hosts certain users are 13allowed to login. 14.Pp 15At login, the 16.Pa /etc/login.access 17file is checked for the first entry that matches a specific user/host 18or user/tty combination. That entry can either allow or deny login 19access to that user. 20.Pp 21Each entry have three fields separated by colon: 22.Bl -bullet 23.It 24The first field indicates the permission given if the entry matches. 25It can be either 26.Dq + 27(allow access) 28or 29.Dq - 30(deny access) . 31.It 32The second field is a comma separated list of users or groups for 33which the current entry applies. NIS netgroups can used (if 34configured) if preceeded by @. The magic string ALL matches all users. 35A group will match if the user is a member of that group, or it is the 36user's primary group. 37.It 38The third field is a list of ttys, or network names. A network name 39can be either a hostname, a domain (indicated by a starting period), 40or a netgroup. As with the user list, ALL matches anything. LOCAL 41matches a string not containing a period. 42.El 43.Pp 44If the string EXCEPT is found in either the user or from list, the 45rest of the list are exceptions to the list before EXCEPT. 46.Sh BUGS 47If there's a user and a group with the same name, there is no way to 48make the group match if the user also matches. 49.Sh SEE ALSO 50.Xr login 1 51.Sh AUTHORS 52The 53.Fn login_access 54function was written by 55Wietse Venema. This manual page was written for Heimdal. 56